Fell for a phishing scam?
Tell me what you did. You leave with an action plan in the right order, calmly, with the real French services, and you can have it sent to you by email.
Phishing aims to get you to enter your credentials or your bank details on a page that mimics a trusted service. If it has happened to you, do not panic: the first few hours matter, but a few simple steps sharply limit the damage.
J'ai seulement cliqué
Vous avez ouvert un lien suspect sans saisir d'identifiant ni valider quoi que ce soit. Le risque est plus faible, mais quelques gestes s'imposent par prudence.
- 1Ne transmettez plus rien et fermez la page
N'allez pas plus loin dans le formulaire et ne renvoyez aucun code « de confirmation » reçu par SMS. Refermez l'onglet du faux site.
- 2Faites analyser l'appareil au moindre doute
Si vous avez téléchargé une pièce jointe ou installé quelque chose, lancez une analyse antivirus à jour ; en cas de doute persistant, faites-vous aider.
- 3Surveillez vos comptes et vos relevés
Les données récupérées sont souvent revendues et réutilisées plus tard. Restez vigilant plusieurs semaines et activez les alertes de connexion et de paiement quand elles existent.
- 4Signalez le message et le site frauduleux
Email : Signal Spam. SMS : transférez-le au 33700. Site frauduleux : Pharos (internet-signalement.gouv.fr). Pour être accompagné : cybermalveillance.gouv.fr et le dispositif 17Cyber.
Recevez votre plan anti-phishing par email
Gardez la marche à suivre sous la main. Envoi unique, sans engagement.
In 2025, phishing remains the number one cyber threat in France, across all audiences.
Source: Cybermalveillance.gouv.fr, 2025 activity report.
Frequently asked questions
I only clicked the link without entering anything. Am I at risk?
The risk is low if you did not enter any credentials, download any file, or authorise any app. To be safe, enter nothing on the page that opened, close it, and stay alert over the following days. If you have any doubt about your device, have it checked.
Should I change all my passwords?
Start with the one you may have disclosed, then your main email account (it is used to reset your other accounts). Next, change any identical or similar password reused elsewhere. Turn on two-factor authentication everywhere you can.
I gave away my bank details. What should I do first?
Contact your bank immediately to report the fraud and, if necessary, block your card. In France, the law governs the refund of unauthorised payment transactions once reported: your bank will tell you the steps to take and the deadlines for disputing them.
Where do I report the fraudulent message or website?
Report the fraudulent email through Signal Spam (browser add-on or the form on signal-spam.fr), forward scam text messages to 33700, and report the site or the illegal content on the Pharos platform (internet-signalement.gouv.fr). For hands-on help, go through cybermalveillance.gouv.fr or the 17Cyber service.
Should I file a complaint?
Yes, if you have suffered harm (fraudulent debit, impersonation, data loss). A complaint is often required by your bank or insurer, and it feeds investigations. You can go to a police station or gendarmerie; an online pre-complaint is possible for certain offences.
How long should I stay vigilant?
Several weeks at least. Stolen data is often resold and reused later, sometimes by a fake bank adviser who already knows your name and your transactions. Watch your accounts and be wary of any unsolicited "official" contact.

Ne ratez pas la prochaine analyse