I clicked a link. What do I do now?

Don’t panic. In many cases, a single click doesn’t cause damage — the harm usually happens after you enter details, install something, or approve access. Follow the steps below to reduce risk fast.

Stop here if you entered details

If you typed in a password, banking login, card details, or a code — treat this as urgent. Jump to Urgent actions below.

Quick check: what exactly happened?

Choose the closest match — then follow the steps for that scenario.

I clicked, but closed it

You didn’t enter details or download anything.

Lower risk, still do steps 1–3.

I entered details

Password, bank login, card details, or a code.

Urgent actions now.

I downloaded something

A file, app, or “security update”.

Treat as high risk.

Step-by-step: do this in order

These steps reduce risk even if you only clicked once.

Step 01

Close the tab and don’t go back

Close the website completely. Don’t re-open it “to check”. Don’t call numbers shown on the page.

If it claimed to be a bank/IRD/NZTA, use the official app or typed website instead.

Step 02

Scan the message with KiwiScan

Paste the original message and the link (if visible) into KiwiScan. It will classify the risk and tell you the safest next step.

Tip: Copy the link text — don’t click it again.

Step 03

Check your device quickly

If anything downloaded, or your phone/browser behaved strangely, run a security scan and remove anything suspicious.

If you installed an app, remove it immediately and restart your device.

Fast device checklist

Do the items below that match your situation:

  • Android: Settings → Apps → remove unknown apps. Check Permissions (Accessibility / Device Admin) for anything unfamiliar.
  • iPhone: Delete any app you installed. Settings → General → VPN & Device Management (remove unknown profiles).
  • Browser: Remove unknown extensions/add-ons. Clear site permissions (notifications, popups).
  • Notifications: Turn off “Allow notifications” for suspicious sites.

Urgent actions (if you entered details)

If you typed anything sensitive, treat this as time-critical.

If you entered a password

  • Change that password immediately (start with your email password first).
  • Turn on 2FA/MFA using an authenticator app where possible.
  • If you reused the password anywhere else, change it on those accounts too.

Email takeover is the most common “domino effect”.

If you entered card or bank details

  • Call your bank using the number on the back of your card (not from the message).
  • Ask to block/freeze cards, reset online banking, and flag fraud monitoring.
  • Check recent transactions and set up alerts if available.
Banks can often stop further loss if you contact them quickly.

IF YOU PAID MONEY

Follow the “If you paid” steps.

Payment scams require bank action straight away. Even if you’re not sure, treat it as urgent.

Quick answers

Common questions after clicking a suspicious link.

Can I get hacked just by clicking?

Usually, the bigger risk starts when you enter details, install an app, or approve permissions. That said, some malicious sites can exploit old browsers. If your device or browser is outdated, treat the click more seriously.

What if the site asked to enable notifications?

Deny it. If you allowed notifications, remove permission in your browser settings straight away. Scam notifications can keep pushing fake warnings and “support” numbers.

What if I installed an app?

Uninstall it immediately. Then check app permissions and security settings. If it asked for Accessibility or Device Admin access, remove those permissions before uninstalling if possible.

Should I reply to the message to tell them off?

No. Replying confirms your number/email is active. Block and report instead.

Want to confirm what it was?

Scan the exact message and KiwiScan will guide you.