I clicked on a phishing link: What should I do? (2024)

What happens if you click on a phishing link?

URL phishing — or manipulating users to click on malicious links — is a social engineering attack (and a common cybersecurity threat). Phishing links can be programmed to do several different things, from passing your information to spreading malware. Here’s what may happen when you click on a phishing link.

Cybercriminals may get your information

Clicking on a phishing link may instantly transmit your location and device information to malicious actors. With this information in their hands, they may be able to target you with location-based scams or commit other types of cybercrimes (like financial fraud or identity theft). Additionally, cybercriminals may sell your compromised information on the dark web, enabling other malicious parties to target you.

You may be redirected to a phishing site

Some phishing links redirect you to fake websites (that often look legitimate), where cybercriminals may ask you to enter sensitive information. Sometimes, if your browser has security loopholes, just landing on a fraudulent website may trigger a malware download (known as a drive-by download).

It may install malware on your device

Some phishing links may be set up to download malicious files when you click them. This may be the most dangerous type because you have less time to stop the malware from spreading on your device.

The malicious download may contain spyware — dangerous malware designed to steal your information (like credit card details, usernames, and passwords). Some types of malware may also give the attackers remote access to your device.

What should you do if you click on a phishing link?

Even if you’re aware of the dangers of phishing, you may still sometimes fall for a clever phishing campaign. So what should you do if you open a phishing email and click on a phishing link? Here are the steps to take if you’ve done so.

  1. Don’t provide information. Clicking on a phishing link is bad — but clicking on a link and entering your information is worse. If you’ve clicked on a phishing link and were taken to a potentially malicious website, don’t enter any information or interact with the website in any way (e.g., click other links or accept cookies). What you need to do is leave the fake website immediately to avoid further problems.
  2. Disconnect from the internet. Going offline on your device is important because it interrupts whatever is happening behind the scenes — whether it’s a malware download or the attackers already harvesting your sensitive information. Disconnect from your Wi-Fi or turn on Airplane Mode on your phone — then you can safely investigate the attack further.
  3. Check your device for malware. Once you’re offline, check for signs of malware infection. If you’re using a desktop or a laptop, run a scan using your anti-malware software. The scan should detect if your device has been infected and display the steps for removing malware. For iOS devices, it may not always be possible to run an antivirus scan — we’ll talk more about this operating system in the FAQs.
  4. Back up your data. Malicious infections may damage or delete your files, so it’s important to back them up. Because you won’t be connected to the internet, the best way to back up your files is to use an external encrypted storage device. Be sure to back up your files only after removing malware to keep it out of the backup.
  5. Change your passwords. The next step is securing all your accounts that may be at risk (such as your bank or student loan account). Using a separate device, update your passwords and passphrases. For security reasons, don’t perform this step on the device you used when you clicked the phishing link — it should still be disconnected from the network. Check out our strong password guidelines for tips.
  6. Report the phishing link. Finally, report the phishing link to help protect others from falling for the same scam. You should perform this step after you’ve made sure that your device is safe and hasn’t been infected with malware. If the phishing link came from an email, go back to the email and click the “Report spam” button. You may also report the phishing email to an official government body, such as the Federal Trade Commission in the U.S. or the National Cyber Security Centre in the UK.

How can you protect yourself from phishing?

As internet users, we’re often targeted by phishing scams. While companies do their part to prevent phishing, make sure you’re also taking steps to keep yourself safe. Here’s how to protect yourself from phishing.

  • Learn to detect phishing. Get familiar with how phishing attempts look, sound, and feel so that you can learn to recognize them. Though phishing attacks can sometimes be difficult to spot, they often have common characteristics that give them away (like a sense of urgency and poor grammar). In addition to recognizing these attacks, using anti-phishing solutions that block dangerous phishing websites can help you further enhance your online security. We’ll review the most common signs of a phishing attack in detail below.
  • Think before you act. When you receive an urgent email (e.g., with a subject like “Action required”), make sure you think before you do anything — use the SLAM method. Take the time to ensure the sender’s email address is legitimate by visiting the company’s official website or contacting the company at a number you trust (not one from the message). It’s highly unlikely that a legitimate company would expect you to take action the second you receive an email — so it’s best to slow down and carefully think it through.
  • Keep software up to date. Regularly updating your software generally improves your cybersecurity and can help defend against phishing campaigns. Software (and browser) updates often contain the latest security patches to keep you safe against constantly evolving threats.
  • Set spam filters for email. Most email providers allow you to set spam filters — specific filtering rules that keep out unwanted or potentially malicious emails. You can set these filters to look for specific criteria and stop emails that match the criteria from reaching your inbox. With the help of spam filters, you can automatically reduce the number of fraudulent emails you receive.
  • Use multi-factor authentication (MFA). While setting up multi-factor authentication won’t prevent phishing attacks, it may help protect your accounts from attackers. Multi-factor authentication asks account owners to authorize login attempts using a special code or a second device. While the attackers may have your login credentials, they hopefully won’t be able to authorize the login and reach the account.
  • Consider using a password manager. A password manager is a specialized tool that lets you securely create, store, and autofill your passwords. Password managers typically generate strong, unique passwords you don’t have to remember and autofill them for known websites. Plus, your passwords are stored in an encrypted vault, so even if attackers succeeded in accessing your device, they wouldn’t be able to steal your passwords. Check out more information about the NordPass password manager.

How to recognize phishing scams

Learning to recognize phishing scams is crucial. Most phishing campaigns have similar characteristics. Here are the most common.

  • A sense of urgency. Most attackers want to create a false sense of urgency so that you take action before you can think your actions through. The less time you have to think about what you’re doing (e.g., entering your login credentials), the less likely you are to notice the warning signs. If an email or a text message sounds unusually urgent and asks you to take action immediately, take a moment to pause and carefully review the message.
  • First-time or infrequent senders. While it’s possible to get an email from someone legitimate who has never emailed you before, it’s worth treating such emails with caution. If you receive an email marked as “External” or from a sender you don’t recognize, slow down and review the email carefully. Also, some companies would never use various messaging apps to contact you. For example, various Telegram scams could try to look like legitimate companies. If it feels off, you’re probably onto something.
  • Mismatched email domains. If you get an email supposedly from a reputable company like NordVPN or your bank, but the sender’s email address uses another domain (like Gmail.com), it’s probably a phishing scam. Also, watch out for slight misspellings of legitimate domain names (e.g., @n0rdvpn.com) — scammers often use these to trick users.
  • Bad spelling or grammatical errors. Cybercriminals rarely spell-check their content, so phishing emails and text messages are often littered with mistakes. While sometimes these errors result from awkward translation practices, other times they may be a deliberate approach. Scammers want to avoid people who notice these mistakes because they’re more likely to realize it’s a scam before they part with their money.
  • Generic greetings. When you get a legitimate email from a company about a product you use, it typically won’t have a generic greeting (like “Dear customer”). You will most likely have provided your name when signing up for their services, and most companies use personalization to make emails more engaging. If you receive an email with a generic greeting, it may be fraudulent.
  • Suspicious files or links. Most phishing attacks include suspicious attachments or links you’re urged to interact with. Legitimate companies (like banks) won’t send you emails with direct login links or attachments to open — so if you get such an email, it’s most likely a phishing scam. If you’re suspicious about a link, you can check if it’s legitimate by hovering over it with your mouse until its actual URL appears. With scam links, it’ll likely be a string of numbers that don’t look like the company’s web address. And always check for typos in the links so you don’t fall for a typosquatting attack.
  • Asking for empathy or compassion. Marijus Briedis, CTO at NordVPN, explained that the most common scam on Facebook consists of a post containing some variation of “I can’t believe he’s gone. I’ll miss him so much” and a link. Watch out for phishing scams that exploit your empathy or compassion by urging you to share personal information. Be wary of emails that tug at your heartstrings or ask for financial help. Always verify the legitimacy of such requests before taking any action.
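
The domain and link checks from the list above (a sender domain that does not match the brand, misspelled lookalikes such as n0rdvpn.com, and links whose real destination differs from what is shown) can be automated. The following Python sketch is an added example, not part of the original article; the `TRUSTED` allowlist, the digit-swap table, the 0.85 similarity threshold, and the sample message are assumptions constructed for illustration.

```python
import difflib
import ipaddress
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = {"nordvpn.com"}                 # assumption: allowlist kept by the defender
SWAPS = str.maketrans("01357", "oiest")   # common digit-for-letter swaps, not exhaustive
HOSTNAME = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}")
# Simplification: a production mail filter would use a real HTML parser.
A_TAG = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    # Naive "last two labels"; real tooling should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_flags(host):
    """Reasons a hostname looks like an impersonation of a TRUSTED domain."""
    try:
        ipaddress.ip_address(host)
        return [f"{host} is a raw IP address"]
    except ValueError:
        dom = registrable(host)
    if dom in TRUSTED:
        return []
    flags = []
    for good in sorted(TRUSTED):
        if dom.translate(SWAPS) == good:
            flags.append(f"{dom} is a digit-swap lookalike of {good}")
        elif difflib.SequenceMatcher(None, dom, good).ratio() >= 0.85:
            flags.append(f"{dom} is a near-miss spelling of {good}")
    return flags

def analyze(from_header, html, brand="nordvpn"):
    """Return the phishing indicators found in one message's From header and HTML body."""
    name, addr = parseaddr(from_header)
    sender = addr.rpartition("@")[2].lower()
    findings = [f"sender {f}" for f in host_flags(sender)]
    if not findings and brand in name.lower() and registrable(sender) not in TRUSTED:
        findings.append(f"display name claims {brand} but sender domain is {sender}")
    for href, text in A_TAG.findall(html):
        target = urlsplit(href).hostname or ""
        findings += [f"link {f}" for f in host_flags(target)]
        shown = urlsplit(text if "//" in text else "//" + text.strip()).hostname or ""
        if HOSTNAME.fullmatch(shown) and registrable(shown) != registrable(target):
            findings.append(f"link text shows {shown} but goes to {target}")
    return findings

# Constructed sample message (203.0.113.0/24 is a documentation-only address range).
SAMPLE_FROM = "NordVPN Support <support@n0rdvpn.com>"
SAMPLE_HTML = ('<p>Your account is locked. '
               '<a href="http://203.0.113.7/login">https://nordvpn.com/account</a> or '
               '<a href="https://nordvpm.com/reset">Reset password</a></p>')
```

Calling `analyze(SAMPLE_FROM, SAMPLE_HTML)` returns one finding per indicator; a message from a trusted domain whose links stay on that domain returns an empty list.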

For more information, check out our article on how to protect yourself from phishing emails.

FAQs

Should I be worried if I clicked on a phishing link?

Clicking on a phishing link may instantly transmit your location and device information to malicious actors. With this information in their hands, they may be able to target you with location-based scams or commit other types of cybercrimes (like financial fraud or identity theft).

What if I accidentally clicked on a suspicious link on my phone?

We have a detailed guide on scanning and removing malware from your Android phone. However, the safest method is to perform a factory reset, so back up your phone and then reset it.

What happens if you reply to phishing?

Replying tells attackers where to attack, because it confirms that your email address is valid and frequently monitored. If you respond to a phishing email, you're essentially playing a digital version of "Marco Polo" with the attacker.

Can you get phished by opening a link?

Clicking on a link can direct you to a dangerous phishing website where you're prompted to enter your personal information.

Will I get hacked if I accidentally open a link in an email but closed it right away?

No, you cannot get hacked just by opening an email. The only way you can get hacked through an email is by interacting with the contents of the email, such as clicking on a malicious link or attachment.

Can a phone be hacked by clicking on a link?

Fake or malicious websites can hack your phone through sophisticated drive-by downloads that can launch an attack without any user interaction such as clicking a link or downloading a file. Even legitimate websites can be abused by hackers to infect your device via malvertising pop-ups and banners.

What if I accidentally opened a phishing email?

If you've accidentally opened a phishing email or clicked on a suspicious link, don't panic. Take immediate action to protect yourself by marking the email as spam, reporting it to your IT department or company, refraining from further interaction with the email, and deleting it from your inbox.

What to do if you responded to a phishing text?

What to do if you clicked on a link in a spam text message:
  1. Disconnect from your Wi-Fi and/or mobile network. Hackers need an internet connection to access your device. ...
  2. Scan your device for malware and viruses. ...
  3. Change your passwords and enable two-factor authentication (2FA). ...
  4. Update your device and apps.

What happens after being phished?

When you are phished, scammers convince you to give up sensitive data — such as passwords, bank account information, or your Social Security Number (SSN) — by tricking you with beguiling emails, phone calls, and texts. With firm purchase on your information, phishers can steal your money or, worse, your identity.

What if I clicked on a phishing link but did not enter password?

If you clicked on a link by accident but didn't enter any login details or information, it is possible that no harm was done. However, it's still important to follow safety precautions. Phishing threats are constantly evolving. Some viruses only require a link click to affect your device.

How can you tell if your phone has been hacked?

If your device is quick to heat up, it might be due to malicious activity. If apps you haven't downloaded suddenly appear on your screen, or if outgoing calls you don't remember making pop up on your phone bill, that is a definite red flag and a potential sign that your device has been hacked.

How to check if a link is phishing?

Here are a few ways you can check the safety of a link before you click on it.
  1. Hover your mouse over the link. ...
  2. Use a URL checker. ...
  3. Don't enter any data. ...
  4. Don't click on anything on the site. ...
  5. Disconnect from the internet. ...
  6. Do a full scan of your device using antivirus software. ...
  7. Keep an eye on your accounts.

How serious are phishing attacks?

Phishing is dangerous because it preys on human error and bypasses even the most robust technical defenses. Cybercriminals can gain access to sensitive data like account information, email addresses, and personal material, leading to identity theft and financial loss.

How do I know if I have been phished?

Here are some ways to recognize a phishing email: Urgent call to action or threats - Be suspicious of emails and Teams messages that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty.

What happens if I open a phishing attachment?

If you downloaded any attachments from a phishing email, don't open them — they could contain malware that can steal your personal information or lock you out of your data.

How do I check if a phishing link is safe?

To find out if a link is safe, just copy/paste the URL into the search box and hit Enter. Google Safe Browsing's URL checker will test the link and report back on the site's legitimacy and reputation in just seconds. It's that easy to use Google's URL scanner.

Article information

Author: Errol Quitzon