Did you know that there was a 50% increase in cyber attacks in 2021?
Human error plays a huge part in phishing attacks. In this article, I’ll explain what to do if you click on a phishing link, how phishing works, the types and signs of phishing attacks, and answer some frequently asked questions.
Let’s dive right in.
In cyber security, phishing falls under the category of a social engineering attack. Cybercriminals and hackers typically use it to steal user data like bank details, credit card numbers, and login credentials.
A phishing scam involves the attacker posing as a trustworthy person, entity, or reliable source. They use this to trick victims into opening a phishing email, text message, or instant message, and clicking on a malicious link.
Usually, one click on a bad link is all it takes to fall for a phishing attack. That can prompt malware installation on your device, reveal your sensitive data, or block your systems or files as part of a larger ransomware attack.
For individuals, a phishing scam can lead to:
For corporations and governments, phishing attacks are typically a part of larger malicious plans.
Phishing allows attackers to:
And these are just some of the issues. Companies risk losing revenue, sensitive data, consumer trust, brand reputation, and market share.
According to IBM, a data breach cost businesses $4.24 million on average in 2021, increasing from $3.86 million in the previous year. These numbers are expected to grow by 10% year on year.
In Ironscales’ survey, 80% of respondents experienced more email phishing attacks since the beginning of the COVID-19 pandemic, making this the biggest threat to small and large businesses.
Verizon’s 2021 DBIR confirms that a whopping 36% of all data breaches involved phishing, an 11% increase since 2020.
Like most scams, a typical phishing attack involves urgency and fear, often pressuring the user to take action. For example, you may receive an email regarding password expiry, account upgrade, or an invoice for goods you never ordered.
Other times the email may seemingly come from your HR department, government tax agency, or claim that “suspicious/unusual activity has been detected on your account.” Ultimately, these emails lure you into opening a link for details, making changes, reimbursements, or cancelling orders.
The link may redirect you to a bogus website, which is replicated to look just like an authentic page from the trusted sender. This fake website may ask you to fill in your credentials, share bank details or credit card information, which the attacker then uses to their advantage.
Other times, the link may automatically download and/or install malware on your computer or browser, giving the attacker access to files and networks or allowing them to deploy a larger attack.
Cybercriminals and hackers are constantly coming up with new ways to reach the IT systems of individuals and businesses. They continually learn, evolve, and improve their malicious techniques and practices.
Phishing scams fall into several categories. Let’s look at each of them.
Email phishing, also known as deception phishing, is the most common phishing attack. In it, the attacker impersonates a trusted person or entity and sends emails to victims.
They leverage clever social engineering tactics to create urgency and fear, so the victim clicks on the malicious email link. This leads to a malicious download or a bogus website, where the attacker lures the victim to share sensitive information.
Voice phishing or “vishing” uses a phone call or “voice” to create urgency and fear. So, the victim takes certain actions that work against them and in favour of the attacker. Other times, the calls extract sensitive information from the victim.
For example, you may get a fake phone call from someone pretending to be from the Internal Revenue Service (IRS). They create urgency and stress by calling during tax season, and fear by saying they want to conduct an audit. Then, they ask you for your social security number to run the audit.
The dangerous combination of stress, fear, and urgency often leads the victims to give out sensitive information that results in heavy losses.
Smishing is phishing over text messages or SMS. It applies the same social engineering tactics, but the platform or technology differs. The attacker sends texts that compel you to take action or click a malicious link that redirects you to a bogus website or installs malware on your device.
Whaling is a type of corporate phishing whereby the target is an influential and affluent executive like a CEO or a “whale.”
Hackers or cybercriminals target and research a high-ranking business executive through public records, social media, or the company website to gather as much intel on the target as possible.
They impersonate the target through a similar, seemingly authentic email address. They may use this address to ask the company, or a lower-ranking employee, to share sensitive information, transfer money, or open a malicious link.
Spear phishing is similar to whaling, but instead of targeting and impersonating high-level executives, the attacker impersonates an employee. They target you with well-researched, real employee names, job designations, and phone numbers to extract information or deploy malware.
Attackers trick you into believing that their email request is an internal company request, leading you to take action or reveal the information they want.
Clone phishing is also an email phishing attack where the attacker impersonates a service provider, vendor, or company that you or a business has previously used. They conduct research to find out what brands, businesses, or services the victim regularly engages with or has engaged with in the past.
The attacker then sends targeted emails that mimic or “clone” the email address and format of one of those services. Ultimately, they get you to click a malicious link and share sensitive information or download malware.
No one wants to be a phishing scam victim, but sometimes attackers can be so convincing that they fool even the best of us. Fortunately, most phishing attacks are identifiable if you know what to look for.
Here are a few key signs of a phishing attack that will help you identify a malicious actor trying to take advantage of you.
This is one of the most common signs of a phishing email. If a professional email contains spelling mistakes and incorrect grammar, you’re likely being scammed.
Most authentic marketers, businesses, and services have tools for strict spelling and grammar checks for outbound emails. They never want to sound unprofessional or incompetent; hence, you’d expect them to send emails without spelling or grammar mistakes. Of course, no one is perfect, and a tiny mistake is always possible. But if you see multiple errors, you can be sure that it’s a phishing email.
Urgency and fear are the primary social engineering tactics phishing scammers use. It’s their modus operandi. Often, they’ll also resort to threats in the form of negative consequences if you fail to comply.
Such emails or messages should always raise red flags, and you should treat them with suspicion. If an email creates a sense of urgency or demands immediate action, you need to examine the content for other phishing signs.
If you cannot find any signs, the best strategy is to directly call the company, authority, or individual on their official lines and ask about the email.
A great way to identify potential phishing attacks is to look for discrepancies or eccentricities in the links and domain names. For example, when you see a link in an email, hover your mouse cursor over the link to verify the URL that pops up without clicking.
If the sender claims to be from a service like Netflix or Venmo, but the URL doesn’t include the official website, like netflix.com or venmo.com, that’s a giveaway that the link is malicious. As a rule of thumb, if the link URL doesn’t match the alleged sender, refrain from clicking it.
Other times, the attacker will use clever tricks to make it look like the URL is authentic. For example, they may share the entire link, which seems legit, but they’ll hyperlink it to a malicious page. You can check this by hovering your cursor over the full link and verifying that it’s authentic and matching.
Attackers may also include seemingly identical URLs using “letterlike symbols.” For example, the link may be netflíx.com, which looks exactly like netflix.com at first glance. But if you look closer, the letter “i” in the first one has an acute accent instead of a dot.
While trusted services and authorities like ICANN ensure similar domain names aren’t available to anyone, attackers often use a combination of such techniques to get away with similar-looking URLs.
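One way to automate the two checks described above (link text that doesn’t match the real destination, and lookalike characters in the host name), as an added Python example that is not from the original article. The sample links, the expected-sender domain parameter, and the two-label approximation of the registrable domain are constructed assumptions.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Constructed sample links as they might appear in an email body:
# (displayed text, actual href). Attacker domains use the reserved .test TLD.
SAMPLE_LINKS = [
    ("https://www.netflix.com/account", "https://www.netflix.com/account"),
    # Full URL shown as text, but hyperlinked to a different page
    ("https://www.netflix.com/account",
     "http://account-verify.example-attacker.test/login"),
    # Punycode form of the lookalike host netflíx.com, built at runtime
    ("Update payment", "https://" + "netflíx.com".encode("idna").decode("ascii") + "/"),
    # Trusted name used as a subdomain of an unrelated domain
    ("venmo.com", "https://venmo.com.example-attacker.test/"),
]

DOMAIN_RE = re.compile(r"(?:https?://)?([A-Za-z0-9.\-]+\.[A-Za-z]{2,})")


def registrable_domain(host: str) -> str:
    # Assumption: the last two labels approximate the registrable domain.
    # Good enough for .com; a production check would use the public suffix list.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def decoded_host(url: str) -> str:
    # Reveal what an xn-- (punycode) host actually displays as in a browser.
    host = urlparse(url).hostname or ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:  # host already contains raw non-ASCII characters
        return host


def check_link(display_text: str, href: str, expected_domain: str) -> list:
    """Return a list of phishing indicators for one link (empty = looks clean)."""
    findings = []
    host = decoded_host(href)
    # 1. Lookalike (non-ASCII) characters in the host, e.g. netflíx.com
    odd = [c for c in host if ord(c) > 127]
    if odd:
        names = ", ".join(f"{c} ({unicodedata.name(c, '?')})" for c in odd)
        findings.append(f"lookalike characters in host: {names}")
    # 2. Host is not under the sender's claimed domain
    if registrable_domain(host) != expected_domain:
        findings.append(f"host {host} is not under {expected_domain}")
    # 3. Displayed text looks like a URL but points somewhere else
    m = DOMAIN_RE.match(display_text.strip())
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        findings.append(f"link text shows {m.group(1)} but points to {host}")
    return findings


if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        print(text, "->", href, check_link(text, href, "netflix.com") or "OK")
```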
Just like malicious links or URLs, attachments in phishing emails can often wreak havoc. Always be cautious about opening attachments from unknown or suspicious sources. If they have a suspicious extension like .exe, .zip, or .scr, you should run them through a virus scan before opening.
Since phishing emails are unsolicited, attackers often use “hooks” to lure you in and get you to click. You may get a request from an unknown sender asking you to follow a link. That’s a big sign of a phishing attack.
They may say you’ve won a prize, vacation, or a discount, to get you to reply with sensitive information, follow a malicious link, or open an attachment. Don’t be tempted by such phishing practices.
Suppose you haven’t initiated the conversation by signing up or opting in to receive such offers, newsletters, marketing materials, or information. In that case, there’s a very high chance that the email is a phishing scam.
You can often spot a phishing attack through changes in communication, tone, or greetings. If a relative, friend, or colleague emails you, and you notice that the language or conversation isn’t quite right, you should be wary.
For example, you should watch out if a friend becomes a little too formal or a colleague is suddenly friendlier. Other times, you may notice that the conversation is inconsistent with previous interactions. Either the context has changed, or the tone or greeting is very different.
For example, if you receive an email from a colleague that starts with “Dear Collin,” but that colleague has never used such a greeting before, that’s an immediate phishing sign. Whenever you get a message or email that seems strange, it’s best to be cautious and look for other red flags.
You may overlook the signs if you’re convinced that the sender of the email or message is authentic and the contents are legitimate.
Suppose you get an email from a colleague, and they’ve shared a link for something work-related. You may not think twice if this colleague regularly sends you links for work. But if you click on the link and nothing happens, that’s a sign of a malicious link. Whether from a known or unknown sender, if a link does nothing, it’s most likely downloading malware on your device.
So, you clicked on a phishing link. While awareness of phishing signs is a great way to prevent scams, social engineering attacks can sometimes fool you.
So, what to do if you accidentally click on a phishing link?
If the malicious link redirects you to a website or landing page, it’ll likely ask you to enter your personal details, login credentials, banking information, credit card details, or other sensitive information. Whatever you do, don’t provide any of that. It’ll go directly to the attacker, and they can use it against you almost immediately.
Skilled cybercriminals and hackers often use automation tools to take action before you can rectify your mistake.
If the malicious link or attachment starts to download malware on your device, the best thing to do is disconnect that device from the internet immediately. This will ensure that the download is stopped from the source.
Of course, sometimes downloads are small and quick, meaning you may not be able to stop them in time. Still, disconnecting your device from the internet ensures that the downloaded malware cannot access your sensitive data or trigger further malicious activity through the internet.
It cuts off the attackers’ access and isolates your device from other devices on your network, preventing the malware from spreading.
If the attacker is after your data, you need to back up your device once you disconnect it from the internet. You’ll need to back up to a physical storage device, as the cloud isn’t an option without the internet.
This backup will ensure that the attacker or their malware doesn’t restrict, delete, or tamper with your device’s existing data. It’s especially useful if the phishing scam is part of a larger ransomware attack. But there’s no guarantee that you’ll be able to overcome the phishing attack or fully back up your data after clicking a malicious link.
Most devices already have a built-in security scanner or existing antivirus software. Once you click on a malicious link or attachment, running a security check is crucial.
You can use the built-in scanner of your device, or you can opt for a better third-party scanner or software. Either way, a security check is crucial to locate the malware, remove it, or prevent it from causing further harm.
Often, you may not realize a breach has occurred or know what sensitive data has been leaked from your device after clicking a malicious phishing link. It’s better to err on the side of caution and change all your passwords immediately after clicking on a phishing link.
This includes the passwords for all your devices, accounts, and subscriptions. Also, you need to make sure that you’re using strong passwords that the attacker cannot crack using any leaked information from your device.
Consider using a trusted password manager with a built-in password generator. These password managers can help you create strong and unique passwords for all your accounts while ensuring they’re stored safely on their encrypted platforms.
Setting up a fraud alert is perhaps the best way to prevent phishing attackers from taking advantage of your identity and finances. If you click on a malicious link, immediately call and alert any of the three nationwide credit rating agencies or bureaus — Experian, Equifax, or TransUnion.
As soon as you ask for a fraud alert with these agencies, they’ll alert the other two. All three will set up a fraud alert in your file, safeguarding you against any financial harm from identity theft or credit theft.
Phishing attacks on smartphones aren’t different from phishing attacks on any other device. But most smartphone attacks are smishing and vishing attacks, which rely on the same social engineering tactics to bypass security and gain access.
Fortunately, only 1% of all phishing attacks occur via phones, which may seem insignificant, but it’s still enough to remain vigilant. If, however, you click on a phishing link or attachment via your smartphone, here’s what you should do.
There’s little difference between phishing attacks on smartphones and other devices. However, Android devices are more prone to malware and viruses, putting you and your smartphone at risk.
You should follow the previously mentioned steps for your Android device. Don’t enter credentials, disconnect from the internet, back up the device, run a security check, change passwords, and set up a fraud alert.
Also, you should look for any suspicious files on your smartphone, delete them, and run a malware scan or security check using trusted Android antivirus software. These tools are specifically designed to scan Android devices.
iOS users are luckier in the security department because Apple’s built-in protection prevents data exposure unless you use an app or open a website. So, if you feel something isn’t right or looks suspicious, just stop engaging with the link or page.
If you click on a malicious phishing link on your iPhone, it’s best to try to identify your targeted accounts and change their passwords accordingly. You should never give away sensitive information, credentials, or access to third parties, even on an iPhone.
If something goes wrong, set up a fraud alert and take your iPhone to the nearest Apple Store for support.
Hopefully, by now, you know enough about how phishing attacks work, their types, and what you should do if you click on a phishing link.
The rapidly increasing number of data breaches globally is alarming. Unfortunately, it’ll only worsen as more people and businesses shift online. Scams like phishing attacks pose a significant threat to individuals and businesses, but they’re not entirely out of our control.
By identifying signs of phishing attacks, we can easily prevent malicious actors from taking advantage. Of course, cyber security awareness is paramount for avoiding social engineering attacks like phishing in homes and businesses.
If you clicked on a phishing link and did not enter details, you’re likely not in much trouble. Still, you need to exit the page immediately, disconnect your device from the internet, back up the device, run a security check or malware scan, change your passwords just in case, and set up a fraud alert if you suspect malicious activity.
Apple’s built-in protection prevents your data from being exposed unless you use an app or open a website. If you accidentally click on a phishing link on your iPhone, you just need to stop engaging with the link immediately.
Never give away sensitive information, credentials, or access to third parties on your iPhone. If you suspect something, check your iPhone and try to identify any targeted accounts to change their passwords. If something goes wrong, set up a fraud alert and take your iPhone to the nearest Apple Store for support.
If you click on a phishing link on Android, don’t enter your credentials or sensitive data, disconnect your device from the internet, back up the device, and run a security check or malware scan using trusted Android antivirus software.
You should also change your passwords and set up a fraud alert with any of the three major credit rating agencies.