What To Do if You Click on a Phishing Link (2024)

If you click on a phishing link you should immediately disconnect your device from the internet, scan your device using antivirus software and keep a lookout for suspicious activity and transactions on your online accounts.

Continue reading to learn what a phishing link is, what could happen if you click on a phishing link and how to avoid clicking malicious links.

What Is a Phishing Link?

A phishing link is a malicious link that cybercriminals send in phishing emails and text messages. Phishing is a type of social engineering attack that aims to get victims to disclose sensitive information. When carrying out phishing attacks, cybercriminals will often display a sense of urgency and pretend to be someone the victim knows, such as a family member, friend, coworker or familiar organization.

When cybercriminals send you phishing links, they urge you to click on them – but clicking these links can place your sensitive information at risk of being compromised by the cybercriminal.

What Happens if You Click on a Phishing Link?

If you click on a phishing link two things can happen: malware can immediately start downloading on your device or you’ll be directed to a spoofed website.

Malware can download on your device

Malware is malicious software that can do different things depending on the type. For example, spyware can spy on you and even access your device’s camera and microphone. Keylogging software, also called keyloggers, can track your keystrokes to determine your sensitive information, like the login credentials to your online accounts.

You’ll be directed to a spoofed website

A spoofed website is a site that is designed to look legitimate so victims are more inclined to enter their information into it. For example, a spoofed website could be created to look exactly like Amazon.com. Since it looks like Amazon’s website, the victim will be inclined to log in using their account’s login credentials. However, entering your login credentials onto a spoofed site means you’re essentially handing them over to cybercriminals, which they can then use to take over your actual Amazon account.

Depending on the cybercriminal’s goal, spoofed websites can also be designed to immediately infect a victim’s device with malware upon visiting the site.

3 Steps To Take if You’ve Clicked on a Phishing Link

If you click on a phishing link here are three steps you need to take.

1. Disconnect your device from the internet

The very first step you should take after discovering you’ve clicked on a phishing link is to disconnect your device from the internet. This can prevent malware from being able to fully download on your device and prevent other devices connected to the same network from being infected as well.

2. Scan your device using antivirus software

Next, you’ll want to scan your device using antivirus software. Antivirus is a program that can be installed on your computer or phone that prevents, detects and removes known malware and viruses. While it’s best to have antivirus software already installed on your devices, if you don’t already have one you’ll want to download one. To download antivirus software you’ll have to connect to the internet. Before you connect back to your internet, make sure no other devices are connected to it and that your router’s software is up to date.

3. Keep a close eye on your online accounts for suspicious activity

While antivirus software may have removed the malware from your device, you never know what a cybercriminal could have gotten away with. You’ll want to continue keeping a close eye on your online accounts for suspicious activity and unusual transactions. The sooner you notice suspicious activity, the sooner you can act against it. As an extra precaution, we recommend placing a fraud alert with one of the credit bureaus to prevent cybercriminals from gaining access to your credit and opening accounts in your name.

If you notice any suspicious activity on your accounts, immediately change your passwords for those accounts to strong ones. Use a password generator when creating passwords for your accounts to ensure they follow password best practices. In addition to a strong password, enable Multi-Factor Authentication (MFA) for those accounts whenever it’s an option. MFA adds additional layers of security to your accounts since it prevents anyone from being able to log into your account without providing additional authentication.

How To Avoid Clicking on Phishing Links in the Future

The best way to keep yourself safe from phishing links is to avoid clicking them in the first place. Here are a few tips to help you avoid clicking phishing links.

Learn to spot phishing attempts

Phishing has become one of the most prevalent cyber threats facing both organizations and individuals. The best way to stay safe from phishing and avoid clicking on phishing links is to learn how to spot them.

Here are some of the most common indicators that an email or text message is actually a phishing attempt.

Urging you to click on a link
Asking you to provide personal information
Sending unsolicited links and attachments
Threatening you with serious consequences
Too-good-to-be-true offers
Demanding payments be made immediately
Misspelled words and grammatical errors

Navigate to the company’s website or application yourself

If you receive an email or text message that seems to come from a company you have an account with and it asks you to click on a link provided, don’t click it. Instead, go to the company’s website or application yourself to ensure you don’t accidentally click on a phishing link.

Check the safety of links before clicking on them

If you’re sent links you weren’t expecting, it’s best to avoid clicking them. However, if you feel the need to click on a link, check that it is safe before doing so. There are two ways you can check the safety of a link: hover your mouse over the link or use Google Transparency Report. We recommend doing both as an extra precaution.

Hover your mouse over the link: It’s only possible to hover your mouse over a link if you’re on a computer. You do this by placing your mouse’s cursor on the link, but not clicking on the link itself. On the bottom left-hand corner of your screen, you’ll see the full website address, also known as the URL. Look closely at the website address to ensure nothing looks unusual. As an example, if the link is supposed to take you to Amazon.com, be sure that the website address displays that. It’s common for cybercriminals to replace a letter or more in a website’s URL. For example, cybercriminals may replace the “o” in Amazon with a zero. If anything about the website address is unusual, don’t click it.

Google Transparency Report: If you think the website address looks normal, safely copy the link by right-clicking your mouse and selecting “Copy Link Address” from the drop-down that appears. Once you’ve safely copied the link, paste it into Google Transparency Report by right-clicking your mouse and selecting “paste” from the drop-down menu, then hitting “enter” on your keyboard. If the report says that the site is not safe to go on, do not click on the link.

Don’t Fall Victim to Phishing Links

Phishing threats are continuing to increase and become more advanced, making it important to learn how to spot them so you can avoid accidentally clicking on a phishing link. It’s also just as important to improve your cyber hygiene to mitigate the damage a cybercriminal can cause if you accidentally do click a phishing link.

One of the most important steps you should take to better your cyber hygiene is protecting your online accounts with strong passwords and MFA. Password managers like Keeper® can help you secure your online accounts by aiding in creating, managing and securely storing all your passwords. Keeper can also aid you in enabling MFA for your online accounts since it stores 2FA codes too.

Start a free 30-day trial of Keeper Password Manager today to start securing your online accounts and keep them safe from phishing threats.