I Clicked On A Phishing Link, Now What?

What Is Phishing?

Phishing is a type of fraud where malicious actors attempt to deceive you into revealing confidential information. The information they’re after usually includes:

• Your passwords.
• Your login credentials.
• Your bank account numbers.
• Your Social Security numbers.
• Confidential business data.

The most common phishing attempts are social engineering attacks where cybercriminals send you a message impersonating your bank, a legitimate company, or even your place of work.

Fig 1. Example of a phishing email sent to a company employee.

How to Spot Phishing Attempts

Spotting phishing emails can be tricky because they employ clever tactics to look legitimate.

Most phishing attacks mirror the login pages of legitimate companies, have a similar email address with a subtle typo, and employ a sense of urgency. This urgency can come in many forms, including telling you that:

• Suspicious activity has been detected.
• Your account is about to be locked.
• You need to verify your account credentials.
• You need to pay an amount.
• You have received a delivery.
• You have won a prize.

Fig 2. Example of a phishing SMS message and fake login page.

The goal of this is to entice you to act on impulse and do something before you have had a chance to think it through properly. But it’s not just phishing emails you need to be wary of. There are other types of sophisticated phishing scams, including:

• Smishing: SMS phishing, where malicious links are placed in SMS text messages.
• Fake invoices: Fraudsters send a fake invoice, along with instructions to call a phone number if the invoice is incorrect. When the victim calls, the fraudster attempts to solicit sensitive information.
• URL phishing: Cybercriminals create websites that masquerade as legitimate websites, which prompt users to input their data.
• Business email compromise: Hackers pose as executives to trick employees, partners, or customers into transferring funds or providing confidential information.

What Happens If You Click on a Phishing Link?

What happens after you’ve clicked on a phishing link depends on the type of scam you’re dealing with.

Depending on the sophistication and intent of the scam, different outcomes can emerge:

Malware

One of the most immediate dangers is the silent download of suspicious files onto your device. Most of these operations run stealthily in the background, so an average user wouldn’t even be aware of them.

Have you ever received an email from an unknown sender and seen a notification warning you not to open attachments from an untrusted source?

This is because malware can be damaging to businesses and individuals, and many email service providers and organizations proactively attempt to stop malware from spreading.

These malicious files can range from viruses that corrupt irreplaceable files and spyware that gains remote access to your device, to ransomware that locks your files and demands payment for their release.

Redirection to phishing websites

A malicious link embedded in a phishing email will typically lead you to a fraudulent website.

Often, these fake websites will look like trustworthy ones (for example, your online banking website) and ask you for your login credentials.

Once the criminals have gained this important data, they can use the same password and username you’ve given them to log into your real account and drain your funds.

Data harvesting

Some phishing emails or websites redirect you to forms that ask for a range of private information—from your birth date and address to your Social Security number.

This information can then be sold to unscrupulous buyers or published on the dark web, which makes you vulnerable to identity theft or financial fraud.

Access to your address book

If hackers gain access to your email address, they can send a phishing link to everyone in your address book.

Because the suspicious email seems to come from you, your contacts are more likely to think it’s legitimate and accidentally open the harmful link.

As the phishing link spreads through your contacts, it perpetuates the scam and could lead to embarrassment or damage to personal and professional relationships.

Control all your accounts

For most people, their primary email address is the recovery point for all their other accounts. If a cybercriminal breaches this email account via a successful phishing attack, they may be able to use it to gain access to your other accounts by intercepting password reset requests.

I Clicked on a Phishing Link but Didn’t Enter My Details

If you clicked on a phishing link but didn’t enter personal information, you’re in a much better position than if you had provided your details and should be safe from the most common types of phishing.

Remember however, some phishing links can install malware, so you should still take the following steps to protect yourself:

🔺 Immediately disconnect from the Internet

After you’ve clicked on a phishing link, immediately disconnect from the Internet. If you have a wired connection, unplug your ethernet cable.

Malware can spread to other devices connected to your network and cause further damage, so you’ll want to get offline as quickly as possible.

🔺 Run a malware scan

Rather than doing a quick scan, do a full system scan with your anti-malware software or antivirus program.

It takes longer but is more thorough, since it checks every file and application. After the scan, the software will list any suspicious files found.

Depending on the anti-virus program and the nature of the threat, either quarantine or delete the suspicious files to prevent installed malware from causing damage.

If you think your iPhone or Android phone has been hacked, Certo apps make it easy for you to scan, detect, and remove threats from your device.

Certo AntiSpy (iPhone) and Certo Mobile Security (Android) uncover malware—even if it’s designed to be undetectable—and safely remove cyber threats giving you peace of mind that your device is secure.