
What Should I Do If I Accidentally Click on a Phishing Link?

What to do in that moment of regret.

Accidentally clicking a phishing link might be benign if you catch it soon enough. If not, you may need to take recovery actions to save your account and/or machine.

Question: What do you do if you click on a phishing link? Am I screwed?

It depends.

It depends on exactly what happened, and more importantly, what you did next.

The most common result of clicking on a phishing link is that you’ll be taken to a fake site asking you to sign in to one of your online accounts. As long as you don’t, chances are you’ll be fine. If you do mistakenly provide your credentials, your account could be hacked in mere moments. More complex phishing attempts may attempt to download and install malware. In all cases, take all steps to secure and recover your accounts and secure your machine.

A click is just a click, usually

Most of the time, clicking a link just brings up a webpage.

In the case of attempted phishing, the webpage may look like some other site you might recognize, but it won’t be that site at all. Nine times out of ten, it’ll be a sign-in page, and you’ll be asked to sign in to the account the page is trying to look like.

As long as you don’t sign in, not much has happened. Your browser will have displayed a page, and that’s all.

My recommendation is that you close the tab containing the page. I’d also have you keep an eye out for suspicious behavior on your computer, like suddenly increased CPU usage or file activity.

Most phishing attempts merely ask for your credentials. As long as you don’t enter them, all is usually fine.


If, on the other hand, you did attempt to sign in to the fake site using your credentials for the site it was attempting to impersonate, things are worse.

The moment you realize what happened:

  • Close the tab.
  • Visit the real site using a URL you know or a bookmark you’ve previously saved.
  • Change your password.
  • Review your account recovery information.

If you can’t sign in, the hacker behind the (now successful) phishing email may have already changed your password. If so, your account has been hacked.

You’ll need to follow the account recovery instructions provided by the service and attempt to get your account back. If you do, change your password and review your account recovery information (in case the hacker changed that).

You also need to review what’s in the account for two critical things:

  1. If the hacker made and downloaded copies of whatever is stored in your account, you need to consider how much of a problem that might be. There’s no way to know if they actually did this, but you should be prepared, nonetheless. It could be as simple and as common as downloading your contacts. However, if your account has access to private data for yourself or for others, consider the possibility that this data is now in the hacker’s hands. What you do next will depend on your situation.
  2. Also review whether having access to the contents of your account would alert the hacker to know other accounts you have, and what might be valuable in them. If the hacker has access to the account for long enough, they could use your account to hack other linked accounts. For example, if it’s your primary email account that the hacker gained access to, they might perform account recovery on a different account they can see you have, and hack into that by virtue of having access to your account recovery email.

As soon as you attempted to sign in to the fake page, you’ve essentially handed over your log-in credentials to the hacker.

If you did more after that, it’s possible you gave the hacker more information.

Malware delivery

It’s not as common, but accidentally clicking on a phishing link can sometimes cause malware to be downloaded to your computer, and in some cases to be downloaded and run.

That’s serious.

If you suspect this might be the case — and perhaps even if you don’t — as soon as you realize what happened, run a complete anti-malware scan using your security software to see if there’s anything out of place on your machine.

Hopefully, nothing will turn up.

When in doubt, assume the worst

If you accidentally click on a phishing link and you’re not really sure what happened, it’s safest to assume the worst.

That means you should assume the account in question has been hacked. You should take steps immediately to secure it, beginning with changing the password.

Unfortunately, it also means that your machine might have been compromised. You should run full anti-malware scans using your security software right away.

There’s a good chance nothing will turn up, and that’s good.

But you still need to remain on guard for anything suspicious that might have resulted from clicking that phishing link.

11 comments on “What Should I Do If I Accidentally Click on a Phishing Link?”

  1. What I would do is IMMEDIATELY click on “CCleaner” if I have it or, second best, try downloading and installing the free edition of “SuperAntiSpyware.Com” PLUS “CCleaner”, and run “SuperAntiSpyware” first, then “CCleaner”.
    The first mostly will remove any installed spyware, and the second will remove any traces of downloaded UN-NEEDED cookies.

  2. Phishing and drive-by malware are two different things but it’s possible a phishing link will give you the double whammy Leo talked about, although, I’d imagine a phishing site is just a phishing site and the phishers wouldn’t bother to inject malware along with the phishing attempt.

    To avoid phishing sites, never click on a link in an email if you’re not sure whether it’s fake. Go to the website in question by manually typing in the URL, clicking on the bookmark in your browser, or using a password vault like LastPass as a bookmark to log in.

    The NoScript extension for Firefox can mitigate drive-by attacks by blocking JavaScript from executing by default. You have to enable JavaScript for each site that you trust as you visit that site. It’s a PITA in the beginning, as you have to enable JavaScript for every new site you visit, but once you’ve given that website permission to execute JavaScript, you won’t have to enable it again the next time you visit that site. Not clicking on links in emails and questionable links on websites helps prevent both kinds of attack.

    Another couple of things to mitigate phishing attacks.
    1. Use 2 factor authentication. If you accidentally give away your password, they still can’t get in as they would need the second factor to get in.
    2. Use a different password for every account. If you have the same password and email address for your Facebook account and your email account, once they have the password for one account, they have it for every account that uses those credentials.

  3. I mistakenly clicked on a link and I can’t access my account again. The hacker already changed my password and everything. Please, what can I do?

  4. I accidentally clicked a link, and it took me to an empty page. After a few seconds, I closed it, but it seems that I’m able to log into any account that I often use without any problems. I have used Webroot several times to test for any malware since then, and it has reported no threats. It seems that I’m OK, but should I still be concerned about lingering effects of that click? If so, what should I do?

  5. The phishing website I opened didn’t finish loading, or it might have got stuck loading. Does that mean my device is safe? Thank you (I ran my antivirus app and it didn’t detect anything)

    • Unless you enter your login information, you’re safe from phishing. There’s a remote possibility that that site could install drive-by malware, but I wouldn’t expect that hackers would mix phishing with a drive-by on their site, although it’s possible.

  6. Thank you, Leo, so much for addressing this. I did something stupid a few nights ago in an email that I thought I could trust, because the name was contained in a mailing list of a friend. I had a few clues, though, telling me I shouldn’t have clicked: Instead of addressing me directly, it said, “Hi There!” Hmm. To make a long story short, I clicked on something that said “Link”, but it took me to a URL that never opened up, and which looked like Firefox was blocking anyway, since I have “https everywhere” turned on (forget what that’s called). It had a red line through the address in the top of the page, so I didn’t actually click on the link… I clicked on something directing me to a link. I got out of there as quickly as possible, and didn’t give them any info. Then I reported it to my friend, and also to FCC (FTC?), which has a form you can fill out for these incidents. I also ran MalwareBytes and made sure my virus scan data was up to date. So anyway, your article has given me more peace of mind. Haven’t checked my file or disk data, but everything seems to be running fine. Thanks again. (Later) Just noticed that I have built-in phishing and malware protection via FF (Mozilla). Whew! A good setting to have turned on, if you use that browser.

  7. Well, there’s a first time for everything. They finally got me. The scammers successfully got me to click on a link in an email that I thought was taking me to a government website to look at an updated form. It was late, and the email had an official look, but one that I wouldn’t have fallen for if I had read it earlier in the day. The scammers probably know that we oldsters get tired early, and probably a bit sloppy in our vetting later at night. Anyway, I clicked on the link.
    Instead of it taking me to a site and displaying a form, it went to my “Downloads” in my Firefox browser. Then the alarm went off. Better late than never, I hope. First I took a screen shot of the downloads where it showed the file name. Then I went to the location of the file and deleted it, forthwith. When I felt less pressured to be rid of the scourge, I took a good look at the file. Aside from some odd domain names showing up that had no apparent ties to the government, which should have tipped me off sooner, I saw that the file was a “.wsf” file. When I looked at what that was, I knew that I’d have been in big trouble if I’d have opened the file, as it appears to be an executable type that could wreak havoc on my life and machine.
    I ran Superantispyware, Bleachbit, Malwarebytes junk removal tool, Windows Security Essentials “Quick” scan, and did a search on my machine for the file of the name in the download. It appears to be gone. I use the performance monitor gadget on my desktop and haven’t seen any odd numbers showing up. So, fingers crossed.
