Phishing schemes are a type of scam in which cybercriminals attempt to gain access to your sensitive data. By sending emails that appear to come from a legitimate source, phishers try to trick you into clicking a link or downloading an attachment. If you don’t realize the email is fraudulent, you may end up following the instructions in the email and reveal your passwords, credit card information, or Social Security number. If you’re the victim of a phishing scheme, here are seven steps to take now to protect yourself and safeguard your compromised data.

1. TAKE A DEEP BREATH.

Phishing schemes have become increasingly sophisticated, so don’t beat yourself up if you fall for one. Take a few deep breaths to calm down, clear your head, and plan your next steps. Remember that falling for a phishing scheme doesn’t necessarily mean that your identity will be stolen. Phishing schemes vary, so what you’ll do next depends on what kind of phisher targeted you.

If you downloaded a fraudulent attachment, turn off Wi-Fi and disconnect from the internet, stat. If you remove the phisher’s access to your computer quickly enough, you may be able to stop the phisher from installing malware or gaining remote access to your computer. And if you clicked on a link to a fraudulent website, try to remember exactly what information (username, password, address) you entered. Take screenshots of the phishing email or jot down details such as the sender’s email address, the content of the email, and the URL that you clicked.

2. CHANGE YOUR PASSWORDS.

If you clicked a link that directed you to a site that appeared to be your bank, email service, or social media account, for example, log in to the real site and change your password. If you use the same password for multiple accounts—which you shouldn’t do—change the passwords for the other accounts as well. Take the extra time to change any password hints or security questions, and take a look at your profile or recent activity to see if the phisher did any damage or made any purchases using your account.

3. CONTACT THE ORGANIZATION THAT WAS SPOOFED.

Report the phishing scheme to the company—whether it’s your email provider, your utility company, or your employer—that the phisher impersonated. Let the company know that you changed your password, and follow their instructions for safeguarding your information and your account. If you gave out financial information, you may need to cancel your existing card and get a new one. Additionally, if you want to help other people avoid phishing scams, you can report the details of your experience to the Anti-Phishing Working Group or the FBI’s Internet Crime Complaint Center.

4. SCAN YOUR COMPUTER FOR VIRUSES.

Whether you downloaded an attachment or clicked on a link, it’s a good idea to scan your computer for viruses and malware. Anti-virus software can examine your computer, alerting you to any files that may have been infected. If you’re still not sure if your computer is free of malware, consider hiring an expert to help you.

5. WATCH OUT FOR WARNING SIGNS OF IDENTITY THEFT.

If you’ve revealed any financial information or other sensitive data like your Social Security number, you need to watch for signs of identity theft. First, keep a close eye on your bank and credit card statements, looking for any withdrawals or purchases that you didn’t authorize. You can also ask your bank to alert you of any unusual activity. Next, to protect your credit score, notify the three major credit reporting agencies that your information was compromised. Finally, order your credit report from the three agencies to make sure that your reports are accurate and don’t contain new lines of credit (that you didn’t sign up for).

6. FILE A REPORT WITH THE FTC.

If you see signs that your identity has been stolen, report the theft to the Federal Trade Commission (FTC). The FTC will guide you through the steps to take whether your information was stolen from your credit card account, utilities, checking and savings, or medical insurance. You should also place a fraud alert on your credit report to make it harder for criminals to rack up charges using your identity. The alert lasts for 90 days, but you can renew it if you need more time.

7. PROTECT YOURSELF AGAINST FUTURE PHISHING SCHEMES.

Given the time and hassle involved in being a phishing victim, now is the time to take steps to protect yourself against future phishing schemes. Be careful when you check your inbox and pause before opening, clicking links, or downloading files from suspicious emails. If you get an email that looks like it’s from your bank, credit card company, or social media accounts, take a moment to examine it closely. Instead of revealing any personal information, go directly to the website to log in or call the company to determine if the email is legitimate.

Anyone can mistakenly fall victim to a phishing scheme or other identity breach, so it’s important that you stay in the know. Discover® will help you to protect your identity by monitoring thousands of risky websites and alert you if they find your social security number. And it’s free for cardmembers who sign up. It won’t solve all phishing issues, but it’s a good first step to putting you in the know. Learn more at www.discover.com/freealerts.