Phishing attacks are a common and increasingly sophisticated form of cybercrime.
If you’ve clicked on a phishing link, it’s crucial to act quickly to mitigate potential damage.
Here’s a step-by-step guide on how to spot a phishing message and what to do if you find yourself in this situation.
Phishing attacks are a type of cybercrime where attackers pose as legitimate entities to deceive people into revealing sensitive information such as login credentials, credit card numbers, or other personal data.
These attacks can take various forms including email, social media messages, phone calls, and text messages.
The primary goal is to trick the recipient into taking an action that benefits the attacker - such as clicking a malicious link, downloading malware, or providing confidential information.
In 2022, fraudulent emails accounted for nearly 50% of all sent emails, with phishing remaining one of the most common forms of cybercrime, equating to an estimated 3.4 billion spam emails sent every day.
Email phishing is the most common form: attackers send fraudulent emails that appear to come from trusted sources.
These emails often contain links to fake websites designed to steal information.
Voice phishing (vishing) uses phone calls to deceive people into providing personal information.
Attackers often pose as representatives from banks, government agencies, or technical support.
SMS phishing (smishing) uses text messages to lure people into clicking malicious links or giving up personal information.
If you’ve clicked on what you believe to be a phishing link - don’t panic. Follow these steps straight away:
The first and most crucial step is to disconnect your device from the internet.
This prevents malware from spreading or communicating with a remote server.
If you were directed to a webpage asking for information, do not enter any details. Close the browser window immediately.
Run a comprehensive malware scan on your device using reputable antivirus software such as Bitdefender, Norton, or Avast.
If you don’t already have antivirus software, use a different device to download one and transfer it using a USB stick.
If you entered login credentials on the phishing page, change those passwords immediately.
Use strong, unique passwords for each account. The National Cyber Security Centre recommends combining three random words.
Consider using a password manager to store your credentials securely.
Check your bank accounts, credit cards, and other financial services regularly for suspicious activity.
Report any unauthorised transactions to your provider straight away. Even if nothing has happened yet, it’s wise to inform your bank of the situation so they can watch for issues.
Forward suspicious emails to report@phishing.gov.uk.
You should also report the event to Action Fraud if you:
Prevention is better than having to recover from an attack. Here’s what you can do to stay safe.
Keep your antivirus software up to date and consider adding tools like anti-phishing filters or secure email solutions for added protection.
Where available, enable 2FA. This adds a second layer of verification to keep your accounts safer - even if someone gets hold of your password.
Scrutinise emails before clicking on any links or downloading attachments. Check for red flags such as spelling errors, mismatched URLs, or generic greetings.
Install updates to your operating system, browsers, and apps to benefit from the latest security patches.
Back up your critical data to an external drive or cloud storage. This ensures you don’t lose access to your files if malware infects your device.
Learn to recognise the common signs of phishing - urgent requests, suspicious links, and unexpected attachments - and share this knowledge with others.
"Being cautious doesn’t mean being paranoid. With phishing, awareness is your best defence."
Sam Kendall, Marketing Manager, Beyond Encryption
Clicking a phishing link can be nerve-wracking, but taking immediate and informed actions can help reduce the damage.
By following the steps above, you can protect your personal information and minimise the risk of further harm.
Stay alert to safeguard yourself from future phishing attempts. The best defence is awareness and caution.
Keep learning about the latest phishing tactics, and always pause before clicking an unfamiliar link or entering personal details.
The Latest 2024 Phishing Statistics, AAG, 2024
Top Tips for Staying Secure Online, NCSC, 2021
Action Fraud: National Cyber Crime Reporting Centre, UK Police, 2024
Sabrina McClune, 01.08.24
Sam Kendall, 14.06.25