Clicked on a phishing link? Here’s what you need to do

Table of Contents

Table of Contents

Table of Contents

ShowShow all

Hide

What happens if you click on a phishing link?

URL phishing — or manipulating users to click on malicious links — is a social engineering attack (and a common cybersecurity threat). Phishing links can be programmed to do several different things, from passing your information to spreading malware. Here’s what may happen when you click on a phishing link.

Cybercriminals may get your information

Clicking on a phishing link may instantly transmit your location and device information to malicious actors. With this information in their hands, they may be able to target you with location-based scams or commit other types of cybercrimes (like financial fraud or identity theft). Additionally, cybercriminals may sell your compromised information on the dark web, enabling other malicious parties to target you.

You may be redirected to a phishing site

Some phishing links redirect you to fake websites (that often look legitimate), where cybercriminals may ask you to enter sensitive information. Sometimes, if your browser has security loopholes, just landing on a fraudulent website may trigger a malware download (known as a drive-by download).

It may install malware on your device

Some phishing links may be set up to download malicious files when you click them. This may be the most dangerous type because you have less time to stop the malware from spreading on your device.

The malicious download may contain spyware — dangerous malware designed to steal your information (like credit card details, usernames, and passwords). Some types of malware may also give the attackers remote access to your device.

What should you do if you click on a phishing link?

Even if you’re aware of the dangers of phishing, you may still sometimes accidentally click on a phishing link. Here are the steps to take if you’ve done so.

1. Don’t provide information. Clicking on a phishing link is bad — but clicking on a link and entering your information is worse. If you’ve clicked on a phishing link and were taken to a potentially malicious website, don’t enter any information or interact with the website in any way (e.g., click other links or accept cookies). What you need to do is leave the fake website immediately to avoid further problems.
2. Disconnect from the internet. Going offline on your device is important because it interrupts whatever is happening behind the scenes — whether it’s a malware download or the attackers already harvesting your sensitive information. Disconnect from your Wi-Fi or turn on Airplane Mode on your phone — then you can safely investigate the attack further.
3. Check your device for malware. Once you’re offline, check for signs of malware infection. If you’re using a desktop or a laptop, run a scan using your anti-malware software. The scan should detect if your device has been infected and display the steps for removing malware. For iOS devices, it may not always be possible to run an antivirus scan — we’ll talk more about this operating system in the FAQs.
4. Back up your data. Malicious infections may damage or delete your files, so it’s important to back them up. Because you won’t be connected to the internet, the best way to back up your files is to use an external encrypted storage device. Be sure to back up your files only after removing malware to keep it out of the backup.
5. Change your passwords. The next step is securing all your accounts that may be at risk (such as your bank or student loan account). Using a separate device, update your passwords and passphrases. For security reasons, don’t perform this step on the device you used when you clicked the phishing link — it should still be disconnected from the network. Check out our strong password guidelines for tips.
6. Report the phishing link. Finally, report the phishing link to help protect others from falling for the same scam. You should perform this step after you’ve made sure that your device is safe and hasn’t been infected with malware. If the phishing link came from an email, go back to the email and click the “Report spam” button. You may also report the phishing email to an official government body, such as the Federal Trade Commission in the U.S. or the National Cyber Security Centre in the UK.

How can you protect yourself from phishing?

As internet users, we’re often targeted by phishing scams. While companies do their part to prevent phishing, make sure you’re also taking steps to keep yourself safe. Here’s how to protect yourself from phishing.

• Learn to detect phishing. Get familiar with how phishing attempts look, sound, and feel so that you can learn to recognize them. Though phishing attacks can sometimes be difficult to spot, they often have common characteristics that give them away (like a sense of urgency and poor grammar). In addition to recognizing these attacks, using anti-phishing solutions that block dangerous phishing websites, can help you further enhance your online security. We’ll review the most common signs of a phishing attack in detail below.
• Think before you act. When you receive an urgent email (e.g., with a subject like “Action required”), make sure you think before you do anything. Take the time to ensure the sender’s email address is legitimate by visiting the company’s official website or contacting the company at a number you trust (not one from the message). It’s highly unlikely that a legitimate company would expect you to take action the second you receive an email — so it’s best to slow down and carefully think it through.
• Keep software up to date. Regularly updating your software generally improves your cybersecurity and can help defend against phishing campaigns. Software (and browser) updates often contain the latest security patches to keep you safe against constantly evolving threats.
• Set spam filters for email. Most email providers allow you to set spam filters — specific filtering rules that keep out unwanted or potentially malicious emails. You can set these filters to look for specific criteria and stop emails that match the criteria from reaching your inbox. With the help of spam filters, you can automatically reduce the number of fraudulent emails you receive.
• Use multi-factor authentication (MFA). While setting up multi-factor authentication won’t prevent phishing attacks, it may help protect your accounts from attackers. Multi-factor authentication asks account owners to authorize login attempts using a special code or a second device. While the attackers may have your login credentials, they hopefully won’t be able to authorize the login and reach the account.
• Consider using a password manager. A password manager is a specialized tool that lets you securely create, store, and autofill your passwords. Password managers typically generate strong, unique passwords you don’t have to remember and autofill them for known websites. Plus, your passwords are stored in an encrypted vault, so even if attackers succeeded in accessing your device, they wouldn’t be able to steal your passwords. Check out more information about the NordPass password manager.

How to recognize phishing scams

Learning to recognize phishing scams is crucial. Most phishing campaigns have similar characteristics. Here are the most common.

• A sense of urgency. Most attackers want to create a false sense of urgency so that you take action before you can think your actions through. The less time you have to think about what you’re doing (e.g., entering your login credentials), the less likely you are to notice the warning signs. If an email or a text message sounds unusually urgent and asks you to take action immediately, take a moment to pause and carefully review the message.
• First-time or infrequent senders. While it’s possible to get an email from someone legitimate who has never emailed you before, it’s worth treating such emails with caution. If you receive an email marked as “External” or from a sender you don’t recognize, slow down and review the email carefully. If it feels off, you’re probably onto something.
• Mismatched email domains. If you get an email supposedly from a reputable company like NordVPN or your bank, but the sender’s email address uses another domain (like Gmail.com), it’s probably a phishing scam. Also, watch out for slight misspellings of legitimate domain names (e.g., @n0rdvpn.com) — scammers often use these to trick users.
• Bad spelling or grammatical errors. Cybercriminals rarely spell-check their content, so phishing emails and text messages are often littered with mistakes. While sometimes these errors result from awkward translation practices, other times they may be a deliberate approach. Scammers want to avoid people who notice these mistakes because they’re more likely to realize it’s a scam before they part with their money.
• Generic greetings. When you get a legitimate email from a company about a product you use, it typically won’t have a generic greeting (like “Dear customer”). You will most likely have provided your name when signing up for their services, and most companies use personalization to make emails more engaging. If you receive an email with a generic greeting, it may be fraudulent.
• Suspicious files or links. Finally, most phishing attacks include suspicious attachments or links you’re urged to interact with. Legitimate companies (like banks) won’t send you emails with direct login links or attachments to open — so if you get such an email, it’s most likely a phishing scam. If you’re suspicious about a link, you can check if it’s legitimate by hovering over it with your mouse until its actual URL appears. With scam links, it’ll likely be a string of numbers that don’t look like the company’s web address.

For more information, check out our article on how to protect yourself from phishing emails.

FAQ

I clicked on a link but didn’t enter my details: What should I do?

Many phishing attacks rely on you providing your confidential information that the attackers can use for further attacks. If you clicked on a phishing link but didn’t enter any details (like your name or login credentials), it’s possible that no damage was done.

However, sometimes, just by clicking a link or being redirected to a fraudulent website, you risk a malware infection. That’s why it’s important to follow the steps above to make sure your device and your accounts are secure rather than do nothing.

I clicked on a phishing link on my iPhone: What should be my next steps?

If you’ve accidentally clicked on a phishing link on your iPhone but didn’t enter any information, no harm has likely been done. The good news about iOS devices is that it’s very difficult for a bad actor to install malicious software without your consent. Apple devices will always ask for your permission to install new software, so your device won’t be infected if all you did was click on the link. However, here’s what you should do if you’ve accepted a download or provided additional information.

If you’ve clicked on a link and accepted a download, you’ll need to delete the downloaded files from your device. It is uncommon to be able to download malware onto iPhone devices, but if you did, you should be able to delete these files easily. You should also run a scan using a reliable antivirus program (like Avast or Norton). Follow the instructions your antivirus software provides to ensure your device is malware free.

If you’ve clicked on a phishing link and provided additional information (like your card details or Social Security number), you will need to take steps to protect your device and accounts. Follow the steps listed in the main article to make sure your device is safe.

I clicked on a phishing link on Android: What steps do I take?

If you’ve clicked on a malicious link on an Android device, you’ll need to follow the steps outlined in the “What should you do if you clicked on a phishing link?” section.

When checking for malware, make sure you carefully review all your apps. The most common way for Android devices to be infected is by shady or malicious apps, so remove apps you don’t remember installing.

To check for malicious apps, go to “Settings” and “Manage apps.” Sort your apps by storage to detect the ones consuming more data than expected — then delete any suspicious ones.

Should I reset my phone if I’ve clicked on a phishing link?

Whether you reset your phone after clicking on a phishing link is up to you. While following the steps outlined above may be sufficient for your device, resetting the phone to its factory settings is another way to remove malware from it. However, you’ll also be removing all your data, photos, and files — so you should make sure you’ve got all your information and content saved somewhere else.