What to do if you click on a phishing link

“Oh, no – I accidentally clicked a phishing link! Does that mean I’ve been hacked? Does my phone have a virus now!?” If you’ve ever been tricked into opening a fraudulent link in a phishing email, a text message from a strange number, or a sketchy website, you’ve probably experienced this moment of alarm.

Instead of panicking, follow these steps to reduce your risk.

by Alyssa Schmitt

I clicked on a phishing link – what do I do now!?

If you realize you’ve fallen for a phishing scam in an email or text message, it’s important to act quickly to protect your device and your data. Your next step will be determined by whether you simply clicked on the phishing link, or if you also entered information like personal data or passwords. Keep reading to learn:

1. What to do if you only clicked on a phishing link
2. What to if you entered data on a phishing page
3. How to protect your accounts with strong passwords
4. How to recognize phishing messages

I clicked on a phishing link but closed immediately and did not enter any data

Maybe you accidentally clicked on a phishing link but then quickly realized your mistake. If you never reached the step of entering account logins, passwords, payment details, or other personal information after being redirected to a fake page, in one sense the scammer has come away empty-handed. They haven’t been able to grab your data right away.

Unfortunately, this does not mean you are home-free. By clicking on a phishing link, you may have triggered the installation of malware or spyware on your device. So to be on the safe side, you should do the following immediately:

1. Disconnect from the internet if your device is currently connected, either by turning off Wi-Fi and/or mobile data in your device settings or switching off your router. This helps prevent malware from spreading to other devices in your network and hackers from accessing your device.
2. Run a virus scan to determine whether your device has infected by malware. (This can be done offline.) If the scan turns up anything, follow the antivirus program’s instructions to quarantine and delete the malware.
3. Back up your most important data, e.g., financial information on your computer or family photos on your smartphone, to cloud storage or an external drive. This will help prevent data theft if your device has been infected with a virus or ransomware.
4. Change the passwords of your most important online accounts (online banking, email, payment platforms, etc.) using a different device. This is a precaution in case spyware has been installed on your device.
5. Be vigilant in the next few days and watch for possible signs of a malware infection, e.g., your laptop is suddenly unusually slow or crashes frequently or you see unusual pop-ups. Even if your virus scan did not turn up anything, if there is a sudden change in your device’s performance after clicking a phishing link, contact an expert.

If you accidentally click on spam link, it does not always mean that your device will be infected with malware – you might be lucky and escape with just a scare.? However, it’s always best to assume the worst and go through the steps above. Take this as a learning moment that helps you be more cautious in the future!

To protect yourself against future cyberattacks, please also ensure that your operating system (on every device!) is kept up to date. And if you don’t have a good antivirus program on your device, let this be a wake-up call that you should install one.

I clicked on a phishing link and entered data

If you not only clicked on a phishing link, but also entered information like personal data or passwords, it is important that you take the following steps immediately as soon as you realize your mistake:

1. As discussed above, you should immediately disconnect your device from the internet to prevent or interrupt any malware downloads.
2. If you have been tricked into entering your login data for an online account (e.g., online banking, your Amazon account, your mail.com email) you should immediately change your password for the compromised account (but please use a different device than the one you just disconnected from the internet). Changing your password will cut off the hackers’ access to the account, and using a different device is an important precaution in case malware such as spyware was installed when you clicked the link.
3. If you are unable to log in because the hackers have already changed the account password, try to reset the password using the account’s recovery option to lock out the hackers as quickly as possible.
4. If you are denied access and are unable to change your password yourself, contact the customer service of the hacked account immediately.
5. Once you gain access to the account for which you entered the data on the phishing page, immediately check whether any changes have been made that would allow the hackers continued access to the account. For example, check your contact information, password recovery options, and, in the case of a compromised email account, the email forwarding rules.
6. See if any actions have been carried out that did not originate from you, e.g., whether money has been transferred or purchases have been made from the account. If this has happened, contact customer service – they may still be able to cancel the transactions. You may also need to contact your credit card company or file a police report.
7. Once you have secured your accounts, turn your attention back to your device. Perform a virus scan as described above – and be vigilant in the coming days for any changes in the performance of your device.
8. To be on the safe side, change the passwords of your other important online accounts (payment services, bank, email) using a different device.

Pro tip: Creating a strong password

As you reset your account passwords, you may notice that you have older passwords that no longer meet the latest recommendations for a secure password. Make sure that your new passwords are at least twelve characters long and contain upper- and lowercase letters, numbers, and special characters. Do not use a single word that can be found in a dictionary (no matter how unusual) or your name or date of birth.

For an easy-to-remember password that is also secure, our expert recommends using a series of words or a short phrase separated by a special character such as a dash, e.g., “1-Desk-2-brown-chairs”. It is also very important to use a unique password for each online account – so that even if one of your accounts is compromised, your other accounts remain safe. If you’d like more details, see our explainer: How secure is my password?

How to recognize phishing messages

The best way to avoid the risks that come with clicking on a phishing link is to steer clear of scam messages altogether. But how do you know if a message is real or fake? Unfortunately, the new generation of AI tools have made it much easier to produce phishing content that is hard to distinguish from the real thing. Scammers can now produce convincing copies of companies’ logos and message style.

That said, phishing schemes often follow specific patterns – so you should exercise caution if you receive:

• Emails or texts claiming to be from the customer service of a large online retailer like Amazon or Apple, stating that there is a problem with your payment information. These messages usually state that your payment has been declined and ask you to click a link and reenter your credit card details.
• Emails or texts claiming to be from a bank or other financial institution asking you to confirm financial or personal data by clicking a link and logging in with your username and password.
• Emails or texts telling you that a company has noticed suspicious activity in your account. Again, the message will ask you to click a link and log in with your username and password.
• Emails or texts claiming to be from a delivery company stating that there is a problem with a shipment – e.g., more postage is required or the delivery will be delayed. You are invited to click a link to make a payment or track your parcel.

And these are just a few examples of the many phishing scams that are currently making the rounds!

What you should keep in mind is that legitimate banks, insurance companies, online retailers, etc. are all aware of the phishing epidemic and will never ask you to provide login or other personal information by clicking a link in an email or text. So if you receive a message asking you to do just that, you can assume that it is a fake. If you are uncertain and think action might be required, ignore the provided link and instead log into the account in question in your usual manner.

If you’d like to learn more about phishing messages, check out our explainer: Phishing emails: How to protect yourself

Now you know what to do if you click a phishing link and how to avoid them in the first place. If you found this information useful, please give us some feedback!

Still don’t have a mail.com account? Sign up for free today!

Images: 1&1/GettyImages