
What Happens If You Click a Bad Link?

What to do in that moment of regret.

Accidentally clicking a malicious link might be benign if you catch it soon enough. I'll review what makes the difference, and what steps you need to take next.
Question: What do you do if you click on a phishing link? Am I screwed?

It depends on exactly what happened, and, more importantly, what you did next.


TL;DR:

Clicking on a bad link

The most common result of clicking on a malicious link is that you’ll be taken to a fake site asking you to sign into one of your online accounts. As long as you don’t, chances are you’ll be fine. If you do mistakenly provide your credentials, your account could be hacked in moments. More complex phishing attempts may try to download and install malware. In all cases, take steps to recover and secure your accounts and your device.

A click is just a click, usually

Most of the time, clicking a link just brings up a webpage.

In a phishing attempt, the webpage may look like a site you recognize, but it won’t be that site at all. For example, the link may claim to be PayPal, and the page you land on may look like PayPal, even though it’s not PayPal at all.

Nine times out of ten, it’ll look like a sign-in page, and you’ll be asked to sign in to the account the page is trying to look like. With our PayPal example, that means you’ll see what looks like a PayPal sign-in page, and you’ll be asked to enter your PayPal credentials.

DON’T.

As long as you don’t try to sign in, not much has happened. Your browser’s displayed a webpage, and that’s all.

Immediately close the tab containing the fake page. Most phishing attempts merely ask for your credentials. As long as you don’t enter them, all is usually fine.

Sign-in failed

If, on the other hand, you did attempt to sign in to the fake site using your credentials for the site it was attempting to impersonate, things are much worse.

As soon as you attempted to sign in to the fake page, you essentially handed over your login credentials to the hacker.

The moment you realize what happened:

  • Close the tab.
  • Visit the real site using a URL you know or a bookmark you’ve previously saved. For our example, you’d explicitly go to paypal.com.
  • Immediately change your password.
  • Review your account recovery information. Update anything incorrect or out of date.

If you can’t sign in, the hacker behind the (now successful) phishing scheme may have already changed your password. If so, your account has been hacked.

You’ll need to follow the account recovery instructions provided by the service and attempt to get your account back. If you do, change your password and review your account recovery information in case the hacker changed it.

Malicious activity

Once you’re in the account, you also need to review several critical things.

Downloaded information

If the hacker downloaded copies of whatever is in your account, you need to consider how much of a problem that might be. There’s no way to know if they actually did this, but you should be prepared. It could be as simple and as common as downloading your contacts. However, if your account has access to private data, consider the possibility that this data is now in the hacker’s hands. What you do next will depend on your situation.

Unauthorized transactions

Check your account for emails you didn’t send, transactions you didn’t make, or other activities you did not initiate. Particularly with financial accounts, like our PayPal example, all the hacker needs to do is transfer money out of your account before you notice. The sooner you do notice, the greater the chance you can recover.

The chain of account access

Review whether having access to the contents of your account would alert the hacker to other accounts you have, and what might be valuable in those other accounts. Your email account can be a gateway to many other accounts, including financial ones. For example, the hacker might perform account recovery (“I forgot my password”) on other accounts you have, hacking into them because they have access to the account recovery email.

Malware delivery

It’s rare these days, but accidentally clicking on a phishing link can cause malware to be downloaded and run on your computer.

While it’s serious, it’s not something I worry about a lot. Normally, you’ll get plenty of notices from your browser or security software.

However, if you suspect this might be the case, run a complete anti-malware scan to see if there’s anything out of place on your machine.

Hopefully, nothing will turn up.

Do this

When in doubt, assume the worst. If you accidentally click on a phishing link and you’re not sure what happened, it’s safest to assume the account in question has been hacked. Take steps immediately to secure it, beginning with changing the password.

You should also use your security software to run full anti-malware scans right away.

There’s a chance nothing will turn up, and that’s good. Remain on guard for anything suspicious that might have resulted from clicking that malicious link.


Can I get hacked by clicking on a malicious link?

Yes, you can get hacked by clicking on a malicious link. It’s not clear how common this is, but it’s possible. The most common scenario is that you don’t recognize it’s malicious until after you’ve entered login credentials on a fake phishing site, giving a hacker your information. Other possibilities include the link being a download of malware or a browser-based exploit. This is why it’s so important to not click on links in emails you’re not sure of.

How do I know if I clicked a phishing link?

It can be difficult to know if you’ve clicked on a phishing link. The most common way is to compare the URL that appears in the browser’s address bar with your expectation of the website you would be taken to by the click. If the displayed URL is not what you expect, and especially if the resulting page is asking for sign-in credentials, close the browser tab immediately.
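
The address-bar comparison described above can be written as a small check. This is an added example, not part of the original article; the function name `check_link`, the reason strings, and the sample URLs are constructed for illustration, with paypal.com as the expected site from the article's example.

```python
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return the reasons a URL should not be trusted as expected_domain.

    An empty list means the host really is expected_domain (or a subdomain
    of it) over HTTPS. It says nothing about whether the page itself is safe.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    expected = expected_domain.lower().rstrip(".")
    reasons = []

    if parts.scheme != "https":
        reasons.append("not-https")
    # Anything before "@" is login info, not the name of the site.
    if parts.username is not None:
        reasons.append("userinfo-before-host")
    # Raw or encoded non-ASCII labels can render as look-alike letters.
    if not host.isascii() or any(
        label.startswith("xn--") for label in host.split(".")
    ):
        reasons.append("non-ascii-or-punycode-host")
    # Compare whole labels from the right; a substring match is not enough.
    if host != expected and not host.endswith("." + expected):
        reasons.append("host-mismatch")
    return reasons


# Constructed sample URLs; only the first is on the expected site.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://paypal.com.account-verify.example/signin",
    "https://www.paypal.com@account-verify.example/signin",
    "https://notpaypal.com/signin",
    "http://www.paypal.com/signin",
    "https://xn--paypl-constructed.example/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_link(sample, "paypal.com") or "host matches")
```

The site name is read from the right-hand end of the host, which is why the second and third samples fail even though "paypal.com" appears in them.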

How can I tell if I have been hacked?

In general, the most common signs that suggest you’ve been hacked include not being able to sign in to an account or seeing explicit pop-up messages from ransomware. In the former case, a hacker has somehow gained access to your account and changed the password. In the latter case, your machine has been compromised by malware that has encrypted your files and is holding them for ransom. It’s important to realize that there may be no immediate or outward sign of your account or machine being hacked. Hackers often try to hide the fact that they have access.


11 comments on “What Happens If You Click a Bad Link?”

  1. What I would do is IMMEDIATELY click on “CCleaner” if I have it or, second best, try downloading and installing the free edition of “SuperAntiSpyware.Com” PLUS “CCleaner” and run the “Superantispyware” first then “CCleaner”.
    The first mostly will remove any installed Spyware and the second will remove any traces of downloaded UN-NEEDED cookies.

  2. Phishing and drive-by malware are two different things but it’s possible a phishing link will give you the double whammy Leo talked about, although, I’d imagine a phishing site is just a phishing site and the phishers wouldn’t bother to inject malware along with the phishing attempt.

    To avoid phishing sites, never click on a link in an email. If you’re not sure if it’s fake, go to the website in question by manually typing in the URL, clicking on the bookmark in your browser, or using a password vault like LastPass as a bookmark to log in.

    The NoScript extension for Firefox can mitigate against drive-by attacks by blocking JavaScript from executing by default. You have to enable JavaScript for each site that you trust as you visit that site. It’s a PITA in the beginning as you have to enable JavaScript for every new site you visit, but once you’ve given that website permission to execute JavaScript, you won’t have to enable it again the next time you visit that site. Not clicking on links in emails and questionable links on websites helps prevent both kinds of attack.

    Another couple of things to mitigate phishing attacks.
    1. Use 2 factor authentication. If you accidentally give away your password, they still can’t get in as they would need the second factor to get in.
    2. Use a different password for every account. If you have the same password and email address for your Facebook account and your email account, once they have the password for one account, they have it for every account that uses those credentials.

  3. I mistakenly clicked on a link and I can’t access my account again. The hacker already changed my password and everything. Please, what can I do?

  4. I accidentally clicked a link, and it took me to an empty page. After a few seconds, I closed it, but it seems that I’m able to log into any account that I often use without any problems. I have used Webroot several times to test for any malware since then, and it has reported no threats. It seems that I’m OK, but should I still be concerned about lingering effects of that click? If so, what should I do?

  5. The phishing website I opened didn’t finish loading, or it might have got stuck loading. Does that mean my device is safe? Thank you (I ran my anti virus app and it didn’t detect anything)


    • Unless you enter your login information, you’re safe from phishing. There’s a remote possibility that that site could install drive-by malware, but I wouldn’t expect that hackers would mix phishing with a drive-by on their site, although it’s possible.

  6. Thank you, Leo, so much for addressing this. I did something stupid a few nights ago in an email that I thought I could trust, because the name was contained in a mailing list of a friend. I had a few clues, though, telling me I shouldn’t have clicked: Instead of addressing me directly, it said, “Hi There!” Hmm. To make a long story short, I clicked on something that said “Link”, but it took me to a URL that never opened up– and which looked like Firefox was blocking anyway, since I have “https everywhere” turned on (forget what that’s called). It had a red line thru the address in the top of the page, so I didn’t actually click on the link… I clicked on something directing me to a link. I got out of there as quickly as possible, and didn’t give them any info. Then I reported it to my friend, and also to FCC (FTC?), which has a form you can fill out for these incidents. I also ran MalwareBytes and made sure my virus scan data was up to date. So anyway, your article has given me more peace of mind. Haven’t checked my file or disk data, but everything seems to be running fine. Thanks again. (Later) just noticed that I have built in phishing and malware attacks via FF (Mozilla). Whew! A good setting to have turned on, if you use that browser.

  7. Well, there’s a first time for everything. They finally got me. The scammers successfully got me to click on a link in an email that I thought was taking me to a government website to look at an updated form. It was late, and the email had an official look, but one that I wouldn’t have fallen for if I read it earlier in the day. The scammers probably know that we oldsters get tired early, and probably a bit sloppy in our vetting later at night. Anyway, I clicked on the link.
    Instead of it taking me to a site and displaying a form, it went to my “Downloads” in my Firefox browser. Then the alarm went off. Better late than never, I hope. First I took a screen shot of the downloads where it showed the file name. Then I went to the location of the file and deleted it, forthwith. When I felt less pressured to be rid of the scourge, I took a good look at the file. Aside from some odd domain names showing up that had no apparent ties to the government, which should have tipped me off sooner, I saw that the file was a “.wsf” file. When I looked at what that was, I knew that I’d have been in big trouble if I’d have opened the file, as it appears to be an executable type that could wreak havoc on my life and machine.
    I ran Superantispyware, Bleachbit, Malwarebytes junk removal tool, Windows Security Essentials “Quick” scan, and did a search on my machine for the file of the name in the download. It appears to be gone. I use the performance monitor gadget on my desktop and haven’t seen any odd numbers showing up. So, fingers crossed.
