What to do in that moment of regret.
It depends on exactly what happened, and more importantly, what you did next.
The most common result of clicking on a phishing link is that you’ll be taken to a fake site asking you to sign in to one of your online accounts. As long as you don’t, chances are you’ll be fine. If you do mistakenly provide your credentials, your account could be hacked in mere moments. More complex phishing attempts may attempt to download and install malware. In all cases, take all steps to secure and recover your accounts and secure your machine.
A click is just a click, usually
Most of the time, clicking a link just brings up a webpage.
In the case of attempted phishing, the webpage may look like some other site you might recognize, but it won’t be that site at all. Nine times out of ten, it’ll be a sign-in page, and you’ll be asked to sign in to the account the page is trying to look like.
As long as you don’t sign in, not much happened. Your browser will have displayed a page, and that’s all.
My recommendation is that you close the tab containing the page. I’d also suggest keeping an eye out for suspicious behavior on your computer afterward, such as suddenly increased CPU usage or unexplained file activity.
Most phishing attempts merely ask for your credentials. As long as you don’t enter them, all is usually fine.
If, on the other hand, you did attempt to sign in to the fake site using your credentials for the site it was attempting to impersonate, things are worse.
The moment you realize what happened:
- Close the tab.
- Visit the real site using a URL you know or a bookmark you’ve previously saved.
- Change your password.
- Review your account recovery information.
If you can’t sign in, the hacker behind the (now successful) phishing email may have already changed your password. If so, your account has been hacked.
You’ll need to follow the account recovery instructions provided by the service and attempt to get your account back. If you do, change your password and review your account recovery information (in case the hacker changed that).
You also need to review what’s in the account for two critical things:
- If the hacker made and downloaded copies of whatever is stored in your account, you need to consider how much of a problem that might be. There’s no way to know if they actually did this, but you should be prepared, nonetheless. It could be as simple and as common as downloading your contacts. However, if your account has access to private data for yourself or for others, consider the possibility that this data is now in the hacker’s hands. What you do next will depend on your situation.
- Also review whether the contents of your account would reveal to the hacker which other accounts you have, and what might be valuable in them. If the hacker has access to the account for long enough, they could use it to hack other linked accounts. For example, if the hacker gained access to your primary email account, they might perform account recovery on a different account they can see you have, and get into that one by virtue of controlling your account recovery email.
The moment you attempted to sign in to the fake page, you essentially handed your log-in credentials over to the hacker.
If you did more after that, it’s possible you gave the hacker more information.
It’s less common, but accidentally clicking on a phishing link can sometimes cause malware to be downloaded to your computer, and in some cases downloaded and run.
If you suspect this might be the case — and perhaps even if you don’t — as soon as you realize what happened, run a complete anti-malware scan using your security software to see if there’s anything out of place on your machine.
Hopefully, nothing will turn up.
When in doubt, assume the worst
If you accidentally click on a phishing link and you’re not really sure what happened, it’s safest to assume the worst.
That means you should assume the account in question has been hacked. You should take steps immediately to secure it, beginning with changing the password.
Unfortunately, it also means that your machine might have been compromised. You should run full anti-malware scans using your security software right away.
There’s a good chance nothing will turn up, and that’s good.
But you still need to remain on guard for anything suspicious that might have resulted from clicking that phishing link.