What to Do Immediately If You Clicked on a Phishing Link
It happens to the best of us: you can be aware of all the latest phishing scams and still fall for one. While the realization that you just clicked on a fraudulent link definitely causes panic, there are a few simple steps you can take to minimize the damage and protect your devices and data.
What to do if you entered information on a suspicious site
This seems to go without saying, but it’s worth mentioning: Ideally, you won’t enter any information into any text fields or download anything from a suspicious site. However, if you entered your information somewhere, according to the information technology department of the University at Buffalo , you need to change the password on the account that was attacked. If you’re using the same password for any other accounts, change those too – and make them unique.
If you’ve entered information related to your finances, call your bank’s hotline (most likely on the back of your debit or credit card) and report the incident. Check your statements for signs of account misuse or abuse. Consider blocking your credit history to prevent anyone from opening a new account, and check your bank’s website for specific advice on what to do next. If you transferred money to a scammer, report the incident to the local police.
Block your credit reports (Transunion, Equifax, Experian, and Innovis) and notify the Federal Trade Commission that you have been scammed, especially if you entered your social security number.
How to protect your accounts and devices
Whether you’ve entered any information or not, here’s what you should do after clicking on a phishing link, according to cybersecurity firm aNetworks :
- Disconnect your device from the Internet to prevent malware from spreading to other devices on the network.
- Back up your device with physical external devices like USB sticks so you don’t have to reconnect to the internet but you can be sure your data won’t be deleted.
- Scan your device for malware, but be aware that if you don’t already have an antivirus program installed and you’re not a techie, you may need specialist help.
- Change your credentials on all your accounts and enable two-factor authentication if possible.
Christopher De Gaeta, director of IT services at G/O Media, explained that after you clean up the malware – or if you don’t find any – you will be able to connect to the internet again so you can change your passwords and enable multi-factor authentication , although “some may argue that this is not entirely safe, and only wiping the computer is the sure way to ensure.” Consult with a professional or your IT department to determine if cleaning is necessary before reconnecting. I once clicked on a phishing link and De Gaeta talked me out of my fatal spiral, so I can vouch for his credibility and the value of going straight to your IT department, even if you’re confused.
De Gaeta also suggested setting up scam alerts, especially if you gave out any sensitive information like a social security number, because someone who got your details would “rarely wait to start using it.”
Once you’ve followed these precautions and the panic has subsided, be sure to take some steps to ensure this doesn’t happen again. Spend some time learning about different types of scams like “smishing attacks” and improve your tech savvy so it’s easier for you to recognize the next phishing attempt because there’s going to be another one. Scammers don’t take a break, so you shouldn’t either.