I clicked on a phishing link: What should I do? (2024)

What happens if you click on a phishing link?

URL phishing — or manipulating users to click on malicious links — is a social engineering attack (and a common cybersecurity threat). Phishing links can be programmed to do several different things, from passing your information to spreading malware. Here’s what may happen when you click on a phishing link.

Cybercriminals may get your information

Clicking on a phishing link may instantly transmit your location and device information to malicious actors. With this information in their hands, they may be able to target you with location-based scams or commit other types of cybercrimes (like financial fraud or identity theft). Additionally, cybercriminals may sell your compromised information on the dark web, enabling other malicious parties to target you.

You may be redirected to a phishing site

Some phishing links redirect you to fake websites (that often look legitimate), where cybercriminals may ask you to enter sensitive information. Sometimes, if your browser has security loopholes, just landing on a fraudulent website may trigger a malware download (known as a drive-by download).

It may install malware on your device

Some phishing links may be set up to download malicious files when you click them. This may be the most dangerous type because you have less time to stop the malware from spreading on your device.

The malicious download may contain spyware — dangerous malware designed to steal your information (like credit card details, usernames, and passwords). Some types of malware may also give the attackers remote access to your device.

What should you do if you click on a phishing link?

Even if you’re aware of the dangers of phishing, you may still sometimes fall for a clever phishing campaign. So what should you do if you open a phishing email and click on a phishing link? Here are the steps to take if you’ve done so.

  1. Don’t provide information. Clicking on a phishing link is bad — but clicking on a link and entering your information is worse. If you’ve clicked on a phishing link and were taken to a potentially malicious website, don’t enter any information or interact with the website in any way (e.g., click other links or accept cookies). What you need to do is leave the fake website immediately to avoid further problems.
  2. Disconnect from the internet. Going offline on your device is important because it interrupts whatever is happening behind the scenes — whether it’s a malware download or the attackers already harvesting your sensitive information. Disconnect from your Wi-Fi or turn on Airplane Mode on your phone — then you can safely investigate the attack further.
  3. Check your device for malware. Once you’re offline, check for signs of malware infection. If you’re using a desktop or a laptop, run a scan using your anti-malware software. The scan should detect if your device has been infected and display the steps for removing malware. For iOS devices, it may not always be possible to run an antivirus scan — we’ll talk more about this operating system in the FAQs.
  4. Back up your data. Malicious infections may damage or delete your files, so it’s important to back them up. Because you won’t be connected to the internet, the best way to back up your files is to use an external encrypted storage device. Be sure to back up your files only after removing malware to keep it out of the backup.
  5. Change your passwords. The next step is securing all your accounts that may be at risk (such as your bank or student loan account). Using a separate device, update your passwords and passphrases. For security reasons, don’t perform this step on the device you used when you clicked the phishing link — it should still be disconnected from the network. Check out our strong password guidelines for tips.
  6. Report the phishing link. Finally, report the phishing link to help protect others from falling for the same scam. You should perform this step after you’ve made sure that your device is safe and hasn’t been infected with malware. If the phishing link came from an email, go back to the email and click the “Report spam” button. You may also report the phishing email to an official government body, such as the Federal Trade Commission in the U.S. or the National Cyber Security Centre in the UK.

How can you protect yourself from phishing?

As internet users, we’re often targeted by phishing scams. While companies do their part to prevent phishing, make sure you’re also taking steps to keep yourself safe. Here’s how to protect yourself from phishing.

  • Learn to detect phishing. Get familiar with how phishing attempts look, sound, and feel so that you can learn to recognize them. Though phishing attacks can sometimes be difficult to spot, they often have common characteristics that give them away (like a sense of urgency and poor grammar). In addition to recognizing these attacks, using anti-phishing solutions that block dangerous phishing websites can help you further enhance your online security. We’ll review the most common signs of a phishing attack in detail below.
  • Think before you act. When you receive an urgent email (e.g., with a subject like “Action required”), make sure you think before you do anything — use the SLAM method. Take the time to ensure the sender’s email address is legitimate by visiting the company’s official website or contacting the company at a number you trust (not one from the message). It’s highly unlikely that a legitimate company would expect you to take action the second you receive an email — so it’s best to slow down and carefully think it through.
  • Keep software up to date. Regularly updating your software generally improves your cybersecurity and can help defend against phishing campaigns. Software (and browser) updates often contain the latest security patches to keep you safe against constantly evolving threats.
  • Set spam filters for email. Most email providers allow you to set spam filters — specific filtering rules that keep out unwanted or potentially malicious emails. You can set these filters to look for specific criteria and stop emails that match the criteria from reaching your inbox. With the help of spam filters, you can automatically reduce the number of fraudulent emails you receive.
  • Use multi-factor authentication (MFA). While setting up multi-factor authentication won’t prevent phishing attacks, it may help protect your accounts from attackers. Multi-factor authentication asks account owners to authorize login attempts using a special code or a second device. While the attackers may have your login credentials, they hopefully won’t be able to authorize the login and reach the account.
  • Consider using a password manager. A password manager is a specialized tool that lets you securely create, store, and autofill your passwords. Password managers typically generate strong, unique passwords you don’t have to remember and autofill them for known websites. Plus, your passwords are stored in an encrypted vault, so even if attackers succeeded in accessing your device, they wouldn’t be able to steal your passwords. Check out more information about the NordPass password manager.

How to recognize phishing scams

Learning to recognize phishing scams is crucial. Most phishing campaigns have similar characteristics. Here are the most common.

  • A sense of urgency. Most attackers want to create a false sense of urgency so that you take action before you can think your actions through. The less time you have to think about what you’re doing (e.g., entering your login credentials), the less likely you are to notice the warning signs. If an email or a text message sounds unusually urgent and asks you to take action immediately, take a moment to pause and carefully review the message.
  • First-time or infrequent senders. While it’s possible to get an email from someone legitimate who has never emailed you before, it’s worth treating such emails with caution. If you receive an email marked as “External” or from a sender you don’t recognize, slow down and review the email carefully. Also, some companies would never use various messaging apps to contact you. For example, various Telegram scams could try to look like legitimate companies. If it feels off, you’re probably onto something.
  • Mismatched email domains. If you get an email supposedly from a reputable company like NordVPN or your bank, but the sender’s email address uses another domain (like Gmail.com), it’s probably a phishing scam. Also, watch out for slight misspellings of legitimate domain names (e.g., @n0rdvpn.com) — scammers often use these to trick users.
  • Bad spelling or grammatical errors. Cybercriminals rarely spell-check their content, so phishing emails and text messages are often littered with mistakes. While sometimes these errors result from awkward translation practices, other times they may be a deliberate approach. Scammers want to avoid people who notice these mistakes because they’re more likely to realize it’s a scam before they part with their money.
  • Generic greetings. When you get a legitimate email from a company about a product you use, it typically won’t have a generic greeting (like “Dear customer”). You will most likely have provided your name when signing up for their services, and most companies use personalization to make emails more engaging. If you receive an email with a generic greeting, it may be fraudulent.
  • Suspicious files or links. Most phishing attacks include suspicious attachments or links you’re urged to interact with. Legitimate companies (like banks) won’t send you emails with direct login links or attachments to open — so if you get such an email, it’s most likely a phishing scam. If you’re suspicious about a link, you can check if it’s legitimate by hovering over it with your mouse until its actual URL appears. With scam links, it’ll likely be a string of numbers that don’t look like the company’s web address. And always check for typos in the links so you don’t fall for a typosquatting attack.
  • Asking for empathy or compassion. Marijus Briedis, CTO at NordVPN, explained that the most common scam on Facebook consists of a post containing some variation of “I can’t believe he’s gone. I’ll miss him so much” and a link. Watch out for phishing scams that exploit your empathy or compassion by urging you to share personal information. Be wary of emails that tug at your heartstrings or ask for financial help. Always verify the legitimacy of such requests before taking any action.
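
The "mismatched email domains" and "suspicious links" checks above can be automated. The sketch below is an added example, not code from the original article or from NordVPN. The function names, the digit-swap table, and the two-label domain shortcut are assumptions made for illustration, and the message is a constructed sample.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Digit-for-letter swaps seen in lookalike domains (constructed list, not exhaustive).
SWAPS = str.maketrans("01357", "olest")

def registrable(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_domain(host, trusted):
    """Return 'trusted', 'lookalike' (digit swap or near-identical) or 'unrelated'."""
    d = registrable(host)
    if d in trusted:
        return "trusted"
    for t in trusted:
        if SequenceMatcher(None, d.translate(SWAPS), t.translate(SWAPS)).ratio() >= 0.9:
            return "lookalike"
    return "unrelated"

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review_message(sender, html, trusted):
    findings = []
    verdict = classify_domain(sender.rsplit("@", 1)[-1], trusted)
    if verdict != "trusted":
        findings.append(f"sender domain is {verdict}")
    collector = LinkCollector()
    collector.feed(html)
    for text, href in collector.links:
        host = urlsplit(href).hostname or ""
        if re.fullmatch(r"[0-9.]+", host):
            findings.append(f"link goes to a bare IP address: {host}")
        elif host and classify_domain(host, trusted) == "lookalike":
            findings.append(f"link host {host} imitates a trusted domain")
        # What the reader sees in the link text versus where the link really goes.
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if host and shown and registrable(shown.group(0)) != registrable(host):
            findings.append(f"link text shows {shown.group(0)} but goes to {host}")
    return findings

# Constructed sample message (203.0.113.7 is a documentation-only address).
SENDER = "support@n0rdvpn.com"
HTML = ('<a href="http://203.0.113.7/login">https://nordvpn.com/login</a>'
        '<a href="https://nordvpn.com/help">Help</a>')
```

Calling `review_message(SENDER, HTML, {"nordvpn.com"})` reports the lookalike sender, the numeric link target, and the mismatch between the displayed and real destination, while the genuine help link produces no finding.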

For more information, check out our article on how to protect yourself from phishing emails.

FAQs

What if I accidentally clicked a phishing link?

If you click a phishing link sent via a spam or scam text message and share your personal information or account credentials, your information could be at risk. As an immediate step, always change the password associated with the account credentials compromised by a scam.

Should I reset my phone if I clicked on a phishing link?

The safest method is to perform a factory reset, so back up your phone and then reset it.

What should you do if you believe you have clicked on a phishing email?

If you think you have been tricked into acting on a phishing message, change your online credentials immediately. This applies to all online accounts—email, online banking, social media, shopping accounts, you name it. Do not make the mistake of using the same username and password for all your online accounts.

What happens if you reply to phishing?

Yes, you can get hacked by replying to an email, especially a phishing email. In most cases, it's not the response that causes the breach but the subsequent actions that follow. When you respond, you confirm that your email account is active, making you a target for further attacks.

Will I get hacked if I click a link?

While there are many ways that malware can infect a device, one of the most common ways is through phishing links. If you click on a phishing link, it's possible that malware could be silently installing itself in the background.

How do I know if I have been phished?

Here are some ways to recognize a phishing email: Urgent call to action or threats - Be suspicious of emails and Teams messages that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty.

How to check if your phone has a virus in settings?

How can I check for viruses and malware on my Android phone?
  1. Go to Settings.
  2. Tap Battery and Device Care.
  3. Tap Device protection.
  4. Tap Scan phone.
  5. All of the apps and data on your device will be scanned.
  6. Once the scan is completed you will be shown whether or not your device is secure.

How long do phishing links stay active?

Phishing sites have a lifecycle of about 15 hours. In order to reduce the chances of being detected and blocked, scammers are constantly creating new phishing sites and deactivating old ones. On average, phishing sites are live for only 15 hours.

Will a factory reset stop a hacker?

If all else fails, you can perform a factory reset on your device. Before doing so, back up your important files, as a factory reset will wipe all of your files and personal data from your phone's internal storage. On the plus side, a factory reset will also remove any malicious files a hacker may have been using.

Will I get hacked if I accidentally open a link in an email but closed it right away?

No, you cannot get hacked just by opening an email. The only way you can get hacked through an email is by interacting with the contents of the email, such as clicking on a malicious link or attachment.

Does opening a phishing email do anything?

Just opening the phishing message without taking any further action will not compromise your data. However, hackers can still gather some data about you, even if all you did was open the email.

What is the most appropriate action to take when you receive a phishing email?

Do not open it. In some cases, the act of opening the phishing email may cause you to compromise the security of your Personally Identifiable Information (PII). Delete it immediately to prevent yourself from accidentally opening the message in the future. Do not download any attachments accompanying the message.

What are the consequences of being phished?

With the sensitive information obtained from a successful phishing scam, these thieves can take out loans or obtain credit cards and even driver's licenses in your name. They can do damage to your financial history and personal reputation that can take years to unravel.

What happens when you are a victim of phishing?

Most of these involve hackers impersonating official representatives of legitimate companies and duping the phishing victim into providing personal details that can then be used for financial gain or identity fraud.

Will phishing go away?

Phishing may never go out of season, but with the right approach you can minimize the risk that your organization will ever get hooked.

What if I accidentally clicked on a bad website on my iPhone?

If you accidentally click on a spam link on your iPhone, immediately close the browser or app where the link was opened. Then, clear your browser history and website data to remove any lingering traces. It's also a good idea to run a security scan with any trusted antivirus app you have installed.

Can phishing attempts contain malware?

Malware is often hidden in phishing emails, or in websites that they link to. Well-configured devices and good end point defences can stop malware installing, even if the email is clicked.

What to do if I opened a phishing email on my iPhone?

Mark as Spam

If you accidentally open the email on your phone or other device, it is important to mark it as spam. Most email services, such as Gmail and Apple, can filter spam messages and keep them in a separate folder.

What if I accidentally clicked on a suspicious link on Instagram?

If you accidentally entered your username or password into a strange link, someone else might be able to log in to your account. Here are some things you can do. If you are able to log in to your account, learn how to secure your account by resetting your password and logging out of any devices you don't own.

Article information

Author: Dan Stracke
