Help! I Clicked on a Phishing Link (What to Do)

Phishing attacks are a common and increasingly sophisticated form of cybercrime.

If you’ve clicked on a phishing link, it’s crucial to act quickly to mitigate potential damage.

Here’s a step-by-step guide on how to spot a phishing message and what to do if you find yourself in this situation.

Understanding Phishing Attacks

Phishing attacks are a type of cybercrime where attackers pose as legitimate entities to deceive people into revealing sensitive information such as login credentials, credit card numbers, or other personal data.

These attacks can take various forms including email, social media messages, phone calls, and text messages.

The primary goal is to trick the recipient into taking an action that benefits the attacker - such as clicking a malicious link, downloading malware, or providing confidential information.

In 2022, fraudulent emails accounted for nearly 50% of all sent emails, with phishing remaining one of the most common forms of cybercrime, equating to an estimated 3.4 billion spam emails sent every day.

3 Common Types of Phishing Attacks

Email Phishing

This is the most common form, where attackers send fraudulent emails appearing to be from trusted sources.

These emails often contain links to fake websites designed to steal information.

Vishing (Voice Phishing)

This method uses phone calls to deceive people into providing personal information.

Attackers often pose as representatives from banks, government agencies, or technical support.

Smishing (SMS Phishing)

This approach uses text messages to lure people into clicking malicious links or giving up personal information.

Immediate Actions

If you’ve clicked on what you believe to be a phishing link - don’t panic. Follow these steps straight away:

1. Disconnect Your Device

The first and most crucial step is to disconnect your device from the internet.

This prevents malware from spreading or communicating with a remote server.

2. Do Not Provide Personal Information

If you were directed to a webpage asking for information, do not enter any details. Close the browser window immediately.

3. Scan for Malware

Run a comprehensive malware scan on your device using reputable antivirus software such as Bitdefender, Norton, or Avast.

If you don’t already have antivirus software, use a different device to download one and transfer it using a USB stick.

4. Change Your Passwords

If you entered login credentials on the phishing page, change those passwords immediately.

Use strong, unique passwords for each account. The National Cyber Security Centre recommends combining three random words.

Consider using a password manager to store your credentials securely.

5. Monitor Your Accounts

Check your bank accounts, credit cards, and other financial services regularly for suspicious activity.

Report any unauthorised transactions to your provider straight away. Even if nothing has happened yet, it’s wise to inform your bank of the situation so they can watch for issues.

6. Report the Incident

Forward suspicious emails to report@phishing.gov.uk.

You should also report the event to Action Fraud if you:

• Have lost money or been a victim of fraud due to phishing.
• Have been hacked or had your personal data compromised.
• Received a suspicious message claiming to be from an official source.

Preventative Measures

Prevention is better than having to recover from an attack. Here’s what you can do to stay safe.

Use Security Software

Keep your antivirus software up to date and consider adding tools like anti-phishing filters or secure email solutions for added protection.

Enable Two-Factor Authentication (2FA)

Where available, enable 2FA. This adds a second layer of verification to keep your accounts safer - even if someone gets hold of your password.

Be Cautious With Emails

Scrutinise emails before clicking on any links or downloading attachments. Check for red flags such as spelling errors, mismatched URLs, or generic greetings.

Regularly Update Software

Install updates to your operating system, browsers, and apps to benefit from the latest security patches.

Back Up Important Data

Back up your critical data to an external drive or cloud storage. This ensures you don’t lose access to your files if malware infects your device.

Educate Yourself and Others

Learn to recognise the common signs of phishing - urgent requests, suspicious links, and unexpected attachments - and share this knowledge with others.

"Being cautious doesn’t mean being paranoid. With phishing, awareness is your best defence."

Sam Kendall, Marketing Manager, Beyond Encryption

Stay Vigilant

Clicking a phishing link can be nerve-wracking, but taking immediate and informed actions can help reduce the damage.

By following the steps above, you can protect your personal information and minimise the risk of further harm.

Stay alert to safeguard yourself from future phishing attempts. The best defence is awareness and caution.

Keep learning about the latest phishing tactics, and always pause before clicking an unfamiliar link or entering personal details.

References

The Latest 2024 Phishing Statistics, AAG, 2024

Top Tips for Staying Secure Online, NCSC, 2021

Action Fraud: National Cyber Crime Reporting Centre, UK Police, 2024

Reviewed by

Sabrina McClune, 01.08.24

Sam Kendall, 14.06.25