If you become the victim of a phishing scam, here are a number of things you should do if you can:
- Disconnect your device from the Internet / turn off Wi-Fi: The sooner you do this, the less likely you can spread any potential malware to other devices on your network and remotely accessing those devices.
- Update your passwords: Clicking those phishing links will provide that person access to your personal information and your passwords. You definitely need to update your passwords. Make them complex passwords as well. LastPass (a sponsor of TWiT) is a great service to make complex passwords and manage them all from one location.
- Wipe your hard drive & do a clean install of your operating system: Some people may suggest scanning your device for viruses and malware. But the safest thing to do after disconnecting your device from the internet is to do format your hard drive completely. It's the safest way to purge any viruses or malware from your device.
These are definitely the first things you should try to do with your device & personal information. Other things you should do as well is to monitor your credit cards, set up a fraud alert on your credit report, and reporting the incident to a fraud center.