
I Was Scammed by Email — What to Do Next (Step-by-Step)

Tags: security, scam, phishing, guide

You Fell for an Email Scam. Now What?

First: you are not alone, and you are not stupid. Phishing emails in 2026 are created with AI tools, impersonate legitimate brands pixel-perfectly, use real sender domains via spoofing, and are tested against spam filters before deployment. The FBI's Internet Crime Complaint Center receives over 800,000 complaints per year — millions more go unreported because victims feel ashamed.

Quick action in the first 24 hours is what separates recoverable incidents from permanent damage. Here is exactly what to do.

Step 1: Stay Calm and Act Fast

Panic leads to mistakes. The first thing to do is stop — close the suspicious page or email, do not click anything else, and do not forward the email to friends or family without stripping any links first. Then work through the steps below in order. The faster you act, the more options you have.

Step 2: If You Clicked a Phishing Link

If you clicked a link but did not enter any information: run your antivirus or malware scanner immediately (Windows Defender or Malwarebytes are good starting points). Check your Downloads folder for any files you did not intend to download and delete them. If you are on a work device, notify your IT department — they need to know.

If you clicked and a page loaded that looked like a login form but you did not enter credentials: same steps. Some phishing pages exploit browser vulnerabilities to install malware on click without requiring any input. A full device scan is the right response.

If you clicked and allowed a browser extension or software to install: uninstall it immediately via your browser settings or system settings. Run a full malware scan. Change all passwords from a clean device.

Step 3: If You Provided Credentials

This is the most time-sensitive scenario. Every minute your credentials are exposed, the attacker is potentially logging in and locking you out.

Immediately change the password on the account that was phished — do this from a different device or network if possible. Then change the same password everywhere you used it (password reuse is how one compromise becomes twenty). Enable 2FA on every account if you have not already.

Critically: check your Gmail forwarding rules and filters immediately. Go to Gmail Settings → See all settings → Forwarding and POP/IMAP, and also Settings → Filters and Blocked Addresses. Attackers routinely set up silent forwarding rules so they continue receiving your emails even after you change your password. Delete any rules you did not create.

Check your Gmail account activity: click your profile photo → Manage your Google Account → Security → Recent activity. Look for sign-ins from unfamiliar locations or devices and revoke them.
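The manual checks above can also be scripted against an export of your filter and auto-forwarding settings. The following is an added example, not part of the original post: it assumes the JSON shape of the Gmail API `users.settings.filters.list` and `getAutoForwarding` responses and runs over a constructed sample containing the kind of silent rule an attacker leaves behind (the `trusted_forward` set is whatever addresses you set up yourself).

```python
import json
from typing import Any

# Constructed sample in the assumed Gmail API response shape (not real account data).
SAMPLE_FILTERS = json.loads("""
{"filter": [
  {"id": "f1", "criteria": {"from": "newsletter@example.com"},
   "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_12"]}},
  {"id": "f2", "criteria": {"query": "from:bank OR password OR invoice"},
   "action": {"forward": "attacker-mailbox@example.net", "removeLabelIds": ["INBOX", "UNREAD"]}},
  {"id": "f3", "criteria": {"subject": "security alert"},
   "action": {"addLabelIds": ["TRASH"]}}
]}
""")
SAMPLE_AUTOFORWARD = {"enabled": True, "emailAddress": "attacker-mailbox@example.net",
                      "disposition": "archive"}

# Labels that make a filter "silent": mail is hidden or deleted before you see it.
HIDING_LABELS = {"TRASH", "SPAM"}
SENSITIVE_WORDS = ("bank", "password", "invoice", "security", "verify", "login", "wire")

def audit_filters(filters: dict[str, Any], trusted_forward: set[str]) -> list[str]:
    """Return one finding per filter that forwards, hides, or targets sensitive mail."""
    findings = []
    for flt in filters.get("filter", []):
        crit = flt.get("criteria", {})
        act = flt.get("action", {})
        crit_text = " ".join(str(v) for v in crit.values()).lower()
        reasons = []
        fwd = act.get("forward")
        if fwd and fwd.lower() not in trusted_forward:
            reasons.append(f"forwards to untrusted address {fwd}")
        hidden = HIDING_LABELS & set(act.get("addLabelIds", []))
        if hidden:
            reasons.append(f"routes mail to {','.join(sorted(hidden))}")
        removed = set(act.get("removeLabelIds", []))
        if {"INBOX", "UNREAD"} <= removed:
            reasons.append("archives and marks read (hides mail from you)")
        if any(w in crit_text for w in SENSITIVE_WORDS):
            reasons.append("matches security/financial keywords")
        if reasons:
            findings.append(f"filter {flt.get('id')}: " + "; ".join(reasons))
    return findings

def audit_autoforward(settings: dict[str, Any], trusted_forward: set[str]) -> list[str]:
    """Flag account-wide auto-forwarding to an address you did not set up yourself."""
    addr = settings.get("emailAddress", "").lower()
    if settings.get("enabled") and addr not in trusted_forward:
        return [f"auto-forwarding enabled to {addr} ({settings.get('disposition')})"]
    return []
```

Every finding deserves a look; delete the rule if you did not create it, then change the password again, because a forwarding rule means the attacker may have seen the reset email.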

Step 4: If You Sent Money or Financial Information

If you wired money, sent a gift card, or shared banking details: contact your bank or financial institution immediately. Explain it was fraud. Wire transfers can sometimes be recalled if you act within hours — after 24-48 hours the window closes. Credit card charges can often be disputed as fraud. Gift card transactions are almost never recoverable, but reporting them can help authorities track the scammers.

File a police report with your local law enforcement. This creates an official record, which your bank and insurance company may require for fraud claims.

Report to the FBI's Internet Crime Complaint Center at ic3.gov. The FBI uses these reports to track criminal networks and sometimes recovers funds in large cases.

Step 5: Document Everything

Before you delete anything, document the evidence. Take screenshots of the phishing email, the fraudulent website, any receipts or transaction confirmations, and any communications with the scammer. In Gmail, you can view the full email headers (click the three-dot menu → Show original) to capture technical forensic information about the sender. This documentation is critical for police reports, bank disputes, and regulatory complaints.
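The "Show original" headers are where the spoofing mentioned at the top of this post becomes visible. The following is an added example, not part of the original post: it parses a constructed header block (documentation domains only) and reports the indicators an investigator checks first, namely the mismatch between the visible From domain and the Return-Path and Reply-To domains, and the SPF, DKIM and DMARC verdicts recorded by the receiving server.

```python
import email
from email import policy
import re

# Constructed sample resembling Gmail's "Show original" output for a spoofed message.
RAW_HEADERS = """\
Delivered-To: victim@example.com
Received: from mail.legit-bank-login.example.net (mail.legit-bank-login.example.net [192.0.2.10])
        by mx.example.com with ESMTPS id abc123
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bounce@legit-bank-login.example.net; dkim=none; dmarc=fail header.from=bank.example.org
Return-Path: <bounce@legit-bank-login.example.net>
From: "Bank Security Team" <alerts@bank.example.org>
Reply-To: support@legit-bank-login.example.net
To: victim@example.com
Subject: Urgent: verify your account
Message-ID: <1@legit-bank-login.example.net>

(body omitted)
"""

def domain_of(addr: str) -> str:
    """Extract the lower-cased domain from an address such as 'Name <user@host>'."""
    m = re.search(r"@([\w.-]+)", addr or "")
    return m.group(1).lower() if m else ""

def analyze_headers(raw: str) -> dict:
    """Summarise sender-authenticity indicators from a raw header block."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(str(msg.get("From", "")))
    ret_dom = domain_of(str(msg.get("Return-Path", "")))
    reply_dom = domain_of(str(msg.get("Reply-To", "")))
    auth = str(msg.get("Authentication-Results", ""))
    # Pull the spf=/dkim=/dmarc= verdicts out of the Authentication-Results header.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    if ret_dom and ret_dom != from_dom:
        findings.append(f"Return-Path domain {ret_dom} differs from From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech, "none") != "pass":
            findings.append(f"{mech} did not pass ({results.get(mech, 'missing')})")
    return {"from_domain": from_dom, "auth": results, "findings": findings}
```

Save the raw headers alongside your screenshots; the Received chain and Message-ID are what a provider's abuse team or the police will ask for.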

Step 6: File Official Reports

Report to the FTC at reportfraud.ftc.gov — the FTC uses these reports to investigate and prosecute fraud networks. Report to the FBI at ic3.gov. If the scam involved a spoofed brand (e.g., a fake PayPal or Amazon email), report it to that company's fraud department as well — they have dedicated teams and can take action against fraudulent domains.

If you are in the EU, report to your national cybercrime unit. In the UK, report to Action Fraud (actionfraud.police.uk). In Sweden, report to Polisen's online form and to CERT-SE.

Prevention Going Forward — How Gorganizer Helps

The best way to avoid email scam recovery is to stop scam emails before they reach you. Gorganizer scans your inbox with 1,300+ detection signals for phishing attempts, impersonation attacks, credential harvesting lures, and suspicious sender patterns — flagging them before you open them. If you've been scammed once, the attackers often sell or reuse your email address, meaning you'll receive more targeted attacks. Running Gorganizer after an incident cleans up the phishing wave before it reaches you a second time.

Ready to clean your inbox?

Gorganizer scans your Gmail with 1,751+ signals and cleans everything in one click. $4.99, no subscription.
