In this article:
Identity theft and fraud protection for your finances, personal info, and devices.
What Can Happen If You Click on a Phishing Link?
Clicking on a phishing link can open you up to serious threats — from downloading viruses to entering sensitive information on fake websites. In worst case scenarios, phishing attacks can lead to identity theft, hacking, or even give scammers remote access to your devices.
Approximately 3.4 billion spam and phishing emails are sent every day — making it the most common type of cyberattack [*].
At the bare minimum, clicking on a link in a suspicious email, text, or social media message tells scammers that you’re an active target (and may even provide them with your IP address, location, and device information).
How To Know If You’ve Clicked on a Phishing Link
Phishing campaigns have evolved beyond poorly-worded, obvious scam messages (such as the traditional “Nigerian Prince scam” [*]) and have become much harder to spot.
One especially dangerous new type of phishing is called “subdoMailing” — in which scammers take over subdomain URLs from trusted brands and use them to send emails and host malicious websites.
In February 2024, TechRadar revealed that hackers were sending over five million emails daily, using subdomains connected to companies like McAfee, MSN, CBS, Better Business Bureau, Unicef, Symantec, and eBay [*].
But while spotting phishing campaigns is becoming more difficult, there are some clear warning signs that indicate you’ve clicked on a malicious link:
- You click on a link and are taken to a login page. Phishing links often redirect to look-alike login pages. If you click on a link and are asked to sign in to your social media or online bank account, it could be a scam. Another warning sign is being redirected to the sign-in page after you have already entered your password.
- The site you were taken to has a strange or look-alike domain. Phishing sites often use URLs with slight variations in order to trick users into thinking they are on the real site. For example, a copycat site might have a URL such as amazon.xyz or wellsfarg0.com. Always double-check the URL for slight typos to ensure that the page you are visiting is a legitimate website.
- Clicking on the link starts an automatic download. If you notice an unexpected download starting — or any programs running in the background — this can indicate that malicious software is being installed on your device.
- Your device shows signs that it’s been infected by a virus. Symptoms include slow performance, unexpected pop-ups, or unauthorized changes to your files and accounts. Malware can infect nearly any device — from Apple iPhones, tablets, and laptops to Android and Windows devices.
- You’re asked to “verify” information or provide financial details. Legitimate companies typically do not ask for sensitive information like your PIN, passwords, or account numbers. For example, a common phishing tactic is to claim that a package can’t be delivered until you confirm your address and credit card numbers.
Damage Control: What To Do After Clicking on a Phishing Link
How you respond after clicking on a phishing link will depend on the type of phishing attack and what you did after you clicked on the link. The more information you give out, the more complex your recovery process will become.
After clicking on a phishing link, here’s what you can do to protect your data and secure your accounts:
Don’t provide any personal information or passwords
If hackers get your personally identifiable information (PII), you could become a victim of identity theft. Fraudsters could rack up debts in your name and ruin your credit score, making it harder for you to get a job, loan, or mortgage.
The 2024 State of the Phish Report revealed that 71% of adults admitted to clicking on suspicious links from unknown senders or sharing passwords [*].
More concerning is that 96% of these people knew the risks they were taking.
Never share your sensitive personal information with anyone who contacts you out of the blue — especially not your passwords, one-time passcodes, or Social Security number (SSN). When in doubt, contact the company directly to confirm the request.
📚 Related: What Data Do Cybercriminals Steal (and How To Protect Yours) →
Contact your company’s IT department
Hackers regularly target company email addresses to try and access sensitive information and networks. According to IBM, phishing is the most common type of attack leading to data breaches [*].
If you clicked on a phishing link in your company email, make sure you contact your company’s IT department immediately and follow their advice.
Delete any automatic downloads
Hackers hide malicious files in emails and SMS text messages. If you click on a phishing link, you may install spyware on your device, allowing cybercriminals to take remote control of your computer.
If you see suspicious activity, such as a file downloading automatically, stop the download and delete the file immediately. You can also use your operating system's built-in security features, like Windows Defender or macOS Gatekeeper, to identify and quarantine threats such as unwanted downloads.
📚 Related: Do Scammers Have Your Email Address? Do This Now! →
Disconnect from the internet (and run an antivirus scan)
Every moment that you stay online after clicking on a phishing link gives hackers more time to infiltrate your system and steal your data.
According to Verizon, it takes less than 60 seconds for users to fall for phishing emails — from clicking on the link to having their data swiped [*].
If you spot any suspicious files, you can contain the threat by disconnecting from the internet. Once you cut off Wi-Fi access, run a deep scan with a reputable anti-malware program that detects and removes any malware before it can steal your personal data.
Back up your most important data
Hackers use phishing attacks to install malware that can corrupt your files, or ransomware that holds your personal data hostage. Regular backups mitigate these issues by ensuring that you always have a recent and safe version of your files. Even if you haven’t been regularly backing up your files, doing so now will potentially help you recover data that hackers destroy or steal.
Moving forward, you can set up automatic backups on both Windows and Mac computers by using either external hard drives or cloud storage options.
Update your passwords, and enable 2FA
If you entered passwords into a login page after clicking on a suspicious link, you should update them immediately — especially if you reuse passwords (or variations of them) across multiple accounts.
Poor password practices put three out of four people at risk of being hacked [*]. Use unique and strong passwords for each account — ideally stored in a password manager that will warn you if your login credentials are at risk.
For added security, enable two-factor authentication (2FA) whenever possible. This added security measure will prevent hackers from accessing your accounts, even if they steal your passwords.
Report the phishing link and message
39% of employees admit they are unlikely to report a workplace cybersecurity incident, which is a worrying trend for businesses and people alike [*]. Without a vigilant approach to reporting scams and phishing attempts, there is a greater risk that more people will fall victim to the same scams.
If you don’t report a phishing attack to the proper authorities, your family or friends could be next in the scammer’s crosshairs. You can protect yourself and others by reporting spoofing or phishing incidents to the FBI. To file a report about phishing, visit the Internet Crime Complaint Center (IC3).
Consider freezing your credit and monitoring your identity
Scammers are almost always financially motivated. Phishing attacks can be used to access your bank accounts or steal personal information that can be used to open new credit accounts or take out loans in your name.
The quickest way to stop identity thieves is to freeze your credit with the three major credit bureaus — Experian, Equifax, and TransUnion. Freezing your credit file will prevent unauthorized individuals from opening new accounts or making changes to your credit profile.
To freeze your credit, you’ll need to contact each credit bureau individually:
Pro tip: Consider an identity monitoring service if you want 24/7 protection for your credit reports. Identity Guard monitors your bank, credit, and investment accounts and sends near real-time fraud alerts if your accounts or data are at risk. Try Identity Guard risk free with a 60-day money-back guarantee.
Warn your friends and family
If you've clicked on a phishing link, imposters may take over your social media or email accounts and make contact with your friends, family, or work colleagues. Hackers could even steal your phone number and trick your loved ones into sending information or money.
Warn your friends and family members immediately if you've clicked on a phishing link. By spreading the word about the potential threat, your contacts will be on guard if they receive strange messages from your accounts or phone numbers.
📚 Related: What To Do If You’ve Been Phished: 7 Next Steps →
How To Protect Yourself From Phishing Attacks
Phishing attacks are still among the most common cyber threats in 2024 because they’re extremely effective and easy for hackers to implement at scale.
While knowing what to do if you click on a phishing link will help you react quickly, the smarter approach is to adopt a preventative mindset. Avoid sharing sensitive data in the first place, and never engage with anyone who contacts you through unsolicited emails, calls, or text messages — until you’ve verified who they are.
For peace of mind, consider Identity Guard’s all-in-one platform which includes award-winning identity theft protection, Safe Browsing tools, 24/7 U.S.-based support, and up to $1 million in identity theft insurance.
