What to Do if You Click on a Phishing Link

Oct. 14, 2020

1:00-2:00AM PST

In today’s email-rich world, cybercriminals regularly go phishing. This happens when cybercriminals use social engineering and subterfuge to trick people into clicking on a phishing link, usually in an email message. Clicking on the link takes the user to a professional-looking website socially engineered to get the user to enter sensitive information. Some will be suspicious at this point and close the page without entering their information. Unfortunately, there is a good chance that just clicking on that link in the email led to secretly installing malware or other dangerous applications on your device.

Phishing sites have become so sophisticated that virtually anyone can fall for the deception. And the attacks are getting worse. Today government, commercial, and non-profit organizations must contend with business email compromise phishing attacks. The Anti-Phishing Working Group (APWG) noted in a recent report that the “number of phishing sites detected in the first quarter of 2020 was 165,772.” [i] If you feel you clicked on a link and got phished, there are things you can do to protect your sensitive information.

Go Dark Right Now

Whatever device you were using to access the internet, be it a smartphone, a tablet, or a computer, get off the internet. If you were on a smartphone, turn the phone service off. If you were using a tablet or computer that connects to the internet through Wi-Fi, turn off the router. Doing these things will stop any transfer of sensitive information that may have started. Also, if you were quick enough, you may have stopped the phisher from downloading malware onto your device.

If you were unlucky enough to have already entered some sensitive information, write down everything you did. Better yet, take a snapshot or screen capture of the email and/or the phishing site. It is crucial that you identify any URL and/or email address attached to the site and email message. Should you become a victim, this information will help investigators with your case.
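One way to capture the sender addresses and link targets from a saved copy of the message, shown as an added example that is not part of the original article. The sample message and its `.example` domains are constructed, and `collect_indicators` is a hypothetical helper name; it also flags links whose visible text shows one host while the underlying target is another.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phish); all domains are reserved .example names.
SAMPLE_EML = b"""\
From: "Your Bank" <alerts@bank.example>
Reply-To: support@bank-secure-login.example
Return-Path: <bounce@mailer.example>
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please <a href="http://bank-secure-login.example/verify?id=1">
https://www.bank.example/login</a> to confirm your account.</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Records (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(value):
    """Hostname of a URL-looking string, or '' when it has no scheme://host part."""
    return (urlparse(value.strip()).hostname or "").lower()

def collect_indicators(raw_bytes):
    """Return the sender headers and every link, for a report to the bank or investigators."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    senders = {h: parseaddr(str(msg[h]))[1]
               for h in ("From", "Reply-To", "Return-Path") if msg[h]}
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    links = [{"text": t, "href": h, "mismatch": bool(host(t)) and host(t) != host(h)}
             for t, h in collector.links]
    return {"senders": senders, "links": links}
```

Run it against the raw message saved from the mail client (for example an `.eml` file read in binary mode) on a device other than the one that clicked the link, and do not open the extracted URLs.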

Perform a Broad Password Mitigation Process

This is something else you should do as quickly as possible. You will probably need to use someone else’s computer or device to change all your passwords. This is crucial, particularly if the phishing attack was directed at your bank or PayPal account. Then change all your passwords for all the legitimate websites you visit. This is because, if you are like most people, you use the same hard-to-crack password on all your sites. This mitigation process includes changing secret answers and questions as well as password hints.

And whatever you do, don’t forget any web browsers, such as Google Chrome, that save passwords for you so that you don’t have to keep entering them. On a side note, it is a good idea to do a regular security check-up on your Google account. For example, there might be websites that require a username and password in your browser that you no longer visit. Deleting these websites closes a security risk. It would also be a good idea to think about end-to-end email encryption from Trustifi. This type of email encryption is your best defense against phishing.

Report the Phishing Attack

As soon as possible, contact the bank or other organization that was spoofed and let them know what happened. While it is an inconvenience, you may need to cancel credit and debit cards. Follow any advice the financial institution gives you and let them know what you are doing to secure your end.

Because phishing has become so prevalent, the APWG wants to hear about all phishing attacks. The report mentioned above is the result of comprehensive research and investigations. This includes statistics that help guide public awareness. Those statistics come from victims who reported their experiences being phished.

Don’t Let your Virus and Malware Protection Lapse

These days, most people have virus and malware protection performing regular security checks when they go online. These security checks do block some cyberattacks. However, as soon as possible run a comprehensive scan on your device or computer. This step is vitally important if your virus and malware protection is out of date. You’ll need to bring it up to date and then run the scan.

Cybersecurity is a serious matter. Cybercriminals are on the lookout for unencrypted emails they can use to start a phishing campaign. That is why you need one of Trustifi’s comprehensive email encryption solutions.

Be on the Lookout

For the next several weeks you will need to watch out for signs that your identity is being exploited without you knowing it. This is particularly true if your bank account information and/or your social security number was stolen in the phishing attack. One of the clues is suspicious purchases or withdrawals that you did not make.

Banks and credit card companies are pretty good about being proactive and can warn you in advance. However, you need to make sure that service is available. It is also a good idea to contact all three credit reporting services and let them know what happened. At the same time, get a credit report from all three and look for lines of credit you did not open.

Closing Thoughts

It is important to remember that getting phished can happen to anyone; it can be difficult to tell the difference between the real thing and a phishing attempt. It happens to even the smartest people. Remember, cybercriminals know how to trick people. Use the errant click you made as a wake-up call to go over your cybersecurity protocols. This could include upgrading your email security with end-to-end encryption from Trustifi. Doing this will prevent a cybercriminal from intercepting any sensitive information from your emails.

It is also a good idea to make sure your virus and malware protections are working properly. We have become accustomed to these programs running silently in the background. One trick cybercriminals use is turning these programs off without you knowing. Thus, it would be a good idea to get in the habit of ensuring they are on and up to date.

 

[i] Phishing Activity Trends Report, 1st Quarter 2020. APWG, 11 May 2020. docs.apwg.org/reports/apwg_trends_report_q1_2020.pdf
