If you have already entered sensitive financial information or your password into a Web site based on a request from a spoofed email, you should take immediate action to protect your identity and all of your online accounts.
- Treat the situation like you lost your wallet or purse. Immediately contact all of your financial institution(s), preferably by phone, and inform them of the situation.
- Choose a strong password that is significantly different from your old passwords.
- Go to every web site where you may have stored credit card and/or bank numbers and change the password at each web site
Be quick, but thorough. Cover all of your bases, and you can minimize the risk.