
What Should I Do If I Accidentally Click on a Phishing Link?

What to do in that moment of regret.

(Image: Regret, canva.com)
Accidentally clicking a phishing link might be benign if you catch it soon enough. If not, you may need to take recovery actions to save your account and/or machine.
What do you do if you click on a phishing link? Am I screwed?

It depends.

It depends on exactly what happened, and more importantly, what you did next.


TL;DR:

The most common result of clicking on a phishing link is that you’ll be taken to a fake site asking you to sign in to one of your online accounts. As long as you don’t, chances are you’ll be fine. If you do mistakenly provide your credentials, your account could be hacked in mere moments. More complex phishing attempts may attempt to download and install malware. In all cases, take all steps to secure and recover your accounts and secure your machine.

A click is just a click, usually

Most of the time, clicking a link just brings up a webpage.

In the case of attempted phishing, the webpage may look like some other site you might recognize, but it won’t be that site at all. Nine times out of ten, it’ll be a sign-in page, and you’ll be asked to sign in to the account the page is trying to look like.

As long as you don’t sign in, not much happened. Your browser will have displayed a page, and that’s all.

My recommendation is to close the tab containing the page. I’d also keep an eye out for suspicious behavior on your computer, such as a sudden increase in CPU usage or disk activity.

Most phishing attempts merely ask for your credentials. As long as you don’t enter them, all is usually fine.
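What separates a real sign-in page from a look-alike is not how the page looks but the host your browser actually connected to, which is also why the advice is to reach a site through a URL you know or a bookmark rather than a link in the email. As an added example (not code from the article or from Ask Leo!), the small Python check below pulls the real host out of a link the way a browser does and compares it against a list of hostnames you trust. `TRUSTED_HOSTS` and every sample link are constructed for illustration; replace the list with the sites you actually sign in to.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed list: replace with the hostnames of the sites you actually sign in to.
TRUSTED_HOSTS = {"accounts.example.com", "mail.example.com"}


def hostname_of(url: str) -> Optional[str]:
    """Return the lowercase host a browser would actually connect to for this URL.

    urlsplit().hostname drops the scheme, any 'user@' prefix, the port and the path,
    which is exactly the part of a look-alike link that is meant to distract you.
    """
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname


def is_trusted_site(url: str, trusted=TRUSTED_HOSTS) -> bool:
    """True only if the host is a trusted host or a true subdomain of one.

    Matching on a '.' boundary means 'accounts.example.com.evil.test' is rejected
    even though it starts with a trusted name. Punycode (xn--) hosts are rejected
    outright here as a simplification, since they can render as look-alike names.
    """
    host = hostname_of(url)
    if not host:
        return False
    if any(label.startswith("xn--") for label in host.split(".")):
        return False
    return any(host == t or host.endswith("." + t) for t in trusted)


def classify_links(urls):
    """Return [(url, host, trusted?)] so the reader sees the host hidden in each link."""
    return [(u, hostname_of(u), is_trusted_site(u)) for u in urls]


# Constructed sample links of the kind a phishing mail carries; none are real sites.
SAMPLE_LINKS = [
    "https://accounts.example.com/signin",                    # the real site
    "https://accounts.example.com.login-verify.test/signin",  # trusted name as a prefix of a stranger's domain
    "https://accounts.example.com@evil.test/",                # trusted name hidden before an '@'
    "http://mail.example.com:8080/inbox",                     # real host, unusual port
]

if __name__ == "__main__":
    for url, host, ok in classify_links(SAMPLE_LINKS):
        print(f"{'OK   ' if ok else 'PHISH'} host={host!r:45} {url}")
```

Running the block prints one line per sample link with the host it really points at; the second and third links report a host that is not the trusted one even though the trusted name appears in the text of the link. That is the check to do by eye in the address bar before typing a password.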

Sign-in failed

If, on the other hand, you did attempt to sign in to the fake site using your credentials for the site it was attempting to impersonate, things are worse.

The moment you realize what happened:

  • Close the tab.
  • Visit the real site using a URL you know or a bookmark you’ve previously saved.
  • Change your password.
  • Review your account recovery information.

If you can’t sign in, the hacker behind the (now successful) phishing email may have already changed your password. If so, your account has been hacked.

You’ll need to follow the account recovery instructions provided by the service and attempt to get your account back. If you do, change your password and review your account recovery information (in case the hacker changed that).

You also need to review what’s in the account for two critical things:

  1. If the hacker made and downloaded copies of whatever is stored in your account, you need to consider how much of a problem that might be. There’s no way to know if they actually did this, but you should be prepared, nonetheless. It could be as simple and as common as downloading your contacts. However, if your account has access to private data for yourself or for others, consider the possibility that this data is now in the hacker’s hands. What you do next will depend on your situation.
  2. Also review whether the contents of your account would tell the hacker which other accounts you have, and what might be valuable in them. If the hacker has access to the account for long enough, they could use it to hack other linked accounts. For example, if it’s your primary email account that the hacker gained access to, they might perform account recovery on a different account they can see you have, and get into that one by virtue of controlling your account recovery email.

As soon as you attempted to sign in to the fake page, you’ve essentially handed over your log-in credentials to the hacker.

If you did more after that, it’s possible you gave the hacker more information.

Malware delivery

It’s not as common, but accidentally clicking on a phishing link can sometimes cause malware to be downloaded to your computer, and in some cases downloaded and run.

That’s serious.

If you suspect this might be the case — and perhaps even if you don’t — as soon as you realize what happened, run a complete anti-malware scan using your security software to see if there’s anything out of place on your machine.

Hopefully, nothing will turn up.

When in doubt, assume the worst

If you accidentally click on a phishing link and you’re not really sure what happened, it’s safest to assume the worst.

That means you should assume the account in question has been hacked. You should take steps immediately to secure it, beginning with changing the password.

Unfortunately, it also means that your machine might have been compromised. You should run full anti-malware scans using your security software right away.

There’s a good chance nothing will turn up, and that’s good.

But you still need to remain on guard for anything suspicious that might have resulted from clicking that phishing link.

3 comments on “What Should I Do If I Accidentally Click on a Phishing Link?”

  1. What I would do is IMMEDIATELY click on “CCleaner” if I have it or, second best, try downloading and installing the free edition of “SuperAntiSpyware.Com” PLUS “CCleaner”, and run “SuperAntiSpyware” first, then “CCleaner”.
    The first will mostly remove any installed spyware, and the second will remove any traces of downloaded UN-NEEDED cookies.

  2. Phishing and drive-by malware are two different things but it’s possible a phishing link will give you the double whammy Leo talked about.

    To avoid phishing sites, never click on a link in an email. If you’re not sure whether it’s fake, go to the website in question by manually typing in the URL, clicking on the bookmark in your browser, or using a password vault like LastPass as a bookmark to log in.

    The NoScript extension for Firefox can mitigate drive-by attacks by blocking JavaScript from executing by default. You have to enable JavaScript for each site that you trust as you visit that site. It’s a PITA in the beginning, as you have to enable JavaScript for every new site you visit, but once you’ve given that website permission to execute JavaScript, you won’t have to enable it again the next time you visit that site. Not clicking on links in emails and questionable links on websites helps prevent both kinds of attack.

    Another couple of things to mitigate phishing attacks:
    1. Use two-factor authentication. If you accidentally give away your password, they still can’t get in, as they would need the second factor to get in.
    2. Use a different password for every account. If you have the same password and email address for your Facebook account and your email account, once they have the password for one account, they have it for every account that uses those credentials.

