Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

I clicked on a link that I shouldn’t have. What should I do now?

Question:

I’m very careful with emails but one finally got me the other day. It was
innocuous in content and I clicked on “Click here for further details”. It went
to a blank page that the browser said it was unable to find. So, my first question is could a virus be installed, even though it didn’t go to another site?

Searching online, I found that that particular email is possibly used to
install a keylogger. It was purportedly from NACHA and referred to a canceled
ACH transaction. I went to Microsoft and they had me run SuperAntispyware and
called it a day. I have Avast and use also Eusing registry cleaner and
Malwarebytes. Since, I’ve installed Defender and Trusteer Rapport.
Superantispyware did find a trojan but I can’t be sure what it is.

So, I inactivated my online banking, which is awful as I use it every day. A
woman at the bank said her mother-in-law got another computer and uses it just
for financial transactions, as suggested by Clark Howard. So, I decided to do
that. But now, once I setup the new laptop, exactly what financial transactions
besides my banking, should I transact on it? I do not want to contaminate it of
course.

I’m wondering, can the virus pick up my credit card numbers that I enter on
websites where I make purchases? I usually use Amazon, Meijer, Overstock, but
what about websites where you don’t know about their security? I order
medications from Canada for example. I am driving myself crazy on this, afraid
they will get into my bank account and clean it out. I plan to reactive it and
go in and change the password on the new computer. I’m using a switch so I can
use my DSL for both computers. All this technology is rapidly whizzing past
me…

The short version is that while there can be no absolutes in a case like
this, I’m fairly certain that you’re OK.

There are several interesting aspects to your situation and the questions that
you’ve asked, so let’s have a look.

Become a Patron of Ask Leo! and go ad-free!

Does Not Found Always Mean Not Found?

The first question is a very intriguing one.

As I thought about it, I realized that anyone could make a fake page that
looked like a “Page not found” page. There are enough variants of “Page not found”
pages that we’re used to seeing that it probably doesn’t even have to be that
accurate. As long as it looks plausible, it’ll probably pass as legitimate.

“Quite often malware uses pages that have been hijacked
on legitimate web sites.”

And, of course, that page could have hidden on it some Javascript or other
scripting that could either trick you into installing a keylogger, or perhaps
make use of a security hole to do so.

Before you get too scared, though, I’ll also say that I suspect this is
pretty unlikely.

Not only is not-found fakery fairly rare, the fact that you (presumably)
didn’t have to do anything – like accept a download or click on a
popup – is a pretty good sign that this was probably a legitimate “Page not found”
page.

Quite often, malware uses pages that have been hijacked on legitimate web
sites. Once the website owner determines that their site has been violated, they
take the pages down – resulting in a very legitimate “not found” error.

Security Software Soup

You’ve got quite a few security packages – probably more than you really
need. However, packages like Malwarebytes and some of the others that you have listed
give me some additional confidence that your machine escaped unscathed.

Even though something appears to have been found on your machine, it wasn’t
labeled as a keylogger (that would have been more concerning), and presumably, it
has been removed. It could be completely unrelated to the link that you clicked on. In fact, I’m tempted to call it a likely false positive, but that’s just a gut feel without all the details.

Using a Separate Machine

Many computer security folks recommend using a second machine dedicated to
online banking and similar kinds of transactions. Some even go so far as to
recommend that it not be a Windows-based machine.

While I stop short of recommending that extreme approach – I’m of the
opinion that good security habits and good security software are all that most
people need – I certainly wouldn’t disrecommend it. It does add a
layer of security for the most important accounts.

So, if the idea is to restrict what happens on that machine, just what
should you restrict it to?

Piggybank & Mouse

My take: restrict it to banking and financial accounts where, if breached, unauthorized
intruders could:

  • Withdraw or transfer money to themselves

  • Access personal information that would enable identity theft

  • Cause you significant, uninsured financial loss

In other words, I’d restrict most bank and brokerage accounts, as well as any online
financial planning tools.

Any site that allows you to display your important personal information
is probably worth relegating to this dedicated machine.

And I would then restrict that machine to be used only for those sites, and
with no email installed. If you need to “click a link” in some email that
purports to be from one of your restricted institutions, don’t. Instead, visit
the institution’s website directly and navigate as appropriate to whatever it
is you’re attempting to do.

I would not bother with sites where you make online purchases. My concern is
that the more sites that you visit on the “secure” machine, the greater the risk for accidental contamination.

My rationale is that the majority of credit card purchases are protected by
the credit card issuer. Even in the unlikely event that your transaction were
captured due to malware on your machine, you’re still likely to have only
limited financial liability – though the inconvenience may be significant.

The Bottom Line

Changing your password (and possibly your password recovery information –
see Is
changing my password enough?
) at your financial institution is prudent.
Even thought the risk of compromise is low from what I understand of your
situation, the cost of failure is high so it just makes sense.

Beyond that, my sense is that you’re taking the right steps and doing the
right things.

Keep an eye on your bank account (from a separate machine, if you like), and
your credit card statements in the coming weeks and months as an extra
double-check, but my opinion is that you can relax a little; you’ll be
fine.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

4 comments on “I clicked on a link that I shouldn’t have. What should I do now?”

  1. I also recommend a ‘Live’ Linux CD like ‘Mint’ that you can boot from and go do your online banking and shopping. It’s Linux AND it’s read only so you’d be pretty secure as long as you don’t go checking webmail accounts and following malware and phishing links! :)

    Reply
  2. I’d agree with JustInspired. If you’re seriously concerned about sensitive information being accessed while you’re on-line, a Live Linux Distro is often an ideal solution, provided you know how to configure your internet connection in a Linux environment once you’ve booted. I’ve used Puppy Linux since Version 4. The current 5.11 version is very quick to load and configure.

    Reply
  3. I also like the LiveCD idea. It’s a lot cheaper than a new computer!

    As to what flavor of Linux, Ubuntu might also be a good choice. It configured itself on my computer as easily as Windows….I had internet access immediately.

    Reply
  4. My internet banking connection uses a key fob style number generator. The unique number changes each time and can only be used once. As I understand it this significantly increases the effective security level. My credit card also requires additonal information which changes each time, but this is based on a larger password and so could be hacked over time.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.