Fell for a phishing scam?
Tell me what you did. You leave with an action plan in the right order, calmly, with the real French services, and you can have it sent to you by email.
Phishing aims to get you to enter your credentials or your bank details on a page that mimics a trusted service. If it has happened to you, do not panic: the first few hours matter, but a few simple steps sharply limit the damage.
I only clicked
You opened a suspicious link without entering a login or approving anything. The risk is lower, but a few moves are worth making as a precaution.
- 1Send nothing more and close the page
Do not go any further in the form and do not send back any "confirmation" code received by SMS. Close the fake site's tab.
- 2Have the device scanned at the slightest doubt
If you downloaded an attachment or installed something, run an up-to-date antivirus scan; if doubt persists, get help.
- 3Watch your accounts and statements
The data collected is often resold and reused later. Stay vigilant for several weeks and turn on login and payment alerts wherever they exist.
- 4Report the fraudulent message and site
Email: Signal Spam. Text: forward it to 33700. Fraudulent site: Pharos (internet-signalement.gouv.fr). For support: cybermalveillance.gouv.fr and the 17Cyber service.
Get your anti-phishing plan by email
Keep the steps handy. One-time send, no strings attached.
In 2025, phishing remains the number one cyber threat in France, across all audiences.
Source: Cybermalveillance.gouv.fr, 2025 activity report.
Frequently asked questions
I only clicked the link without entering anything. Am I at risk?
The risk is low if you did not enter any credentials, download any file, or authorise any app. To be safe, enter nothing on the page that opened, close it, and stay alert over the following days. If you have any doubt about your device, have it checked.
Should I change all my passwords?
Start with the one you may have disclosed, then your main email account (it is used to reset your other accounts). Next, change any identical or similar password reused elsewhere. Turn on two-factor authentication everywhere you can.
I gave away my bank details. What should I do first?
Contact your bank immediately to report the fraud and, if necessary, block your card. In France, the law governs the refund of unauthorised payment transactions once reported: your bank will tell you the steps to take and the deadlines for disputing them.
Where do I report the fraudulent message or website?
Report the fraudulent email through Signal Spam (browser add-on or the form on signal-spam.fr), forward scam text messages to 33700, and report the site or the illegal content on the Pharos platform (internet-signalement.gouv.fr). For hands-on help, go through cybermalveillance.gouv.fr or the 17Cyber service.
Should I file a complaint?
Yes, if you have suffered harm (fraudulent debit, impersonation, data loss). A complaint is often required by your bank or insurer, and it feeds investigations. You can go to a police station or gendarmerie; an online pre-complaint is possible for certain offences.
How long should I stay vigilant?
Several weeks at least. Stolen data is often resold and reused later, sometimes by a fake bank adviser who already knows your name and your transactions. Watch your accounts and be wary of any unsolicited "official" contact.

Don't miss the next analysis