Avoiding clicking on links in emails from an unknown sender is part of email security 101. However, people are prone to mistakes, and like many others, you may be panicking about clicking on a suspicious email link. So, what happens when you mistakenly click on a suspicious link?
If the link attached to the email is a phishing link, it informs the sender that it is a valid and active email address. It can also send basic data such as location, device statistics, and any voluntarily provided information. Clicking on the phishing link can also download some malware to your device.
How Do I Know If I Have Clicked on A Phishing Link?
If you have clicked on a link from a sender you don’t know, the first step is to find out whether you’ve clicked on a phishing link. Scammers use phishing links to gain access to personal information or to download malicious software on your device. Although it might be challenging to tell a phishing email apart from a genuine one due to clever techniques, here are a few signs of a phishing email:
- There are inconsistencies in the email sender domain and URLs. These can be subtle, so be sure to pay attention. For example, if you were expecting to get an email from an address ending in @amazon.com, but it comes from @youramazon.com (or any other variation), then you should be wary.
- There are odd or unusual requests in the email (such as urgent payment requests, or requests for information that you know the sender is aware of).
- The language and the wording of the message sound different than usual (instead of receiving the email in the usual format such as Hey Alex, you receive the email Good Morning Sir). Whilst the email address may look right, this type of introduction is unusual and out of the ordinary, so be wary!
- The response to clicking on the link is unusual, i.e., nothing happens when you click on the link, or when you enter your login credentials, the page remains unresponsive.
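The first sign, a sender domain or link that is a variation of the one you expected, can also be checked mechanically. The sketch below is an added example, not part of the original article; the EXPECTED list, the function names and the sample message are assumptions made for illustration, and it assumes a single-part plain-text email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains you actually expect mail and links from.
EXPECTED = {"amazon.com"}

def registrable(host):
    """Crude registrable domain: the last two labels (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(host, expected=EXPECTED):
    """Return 'expected', 'lookalike' or 'unknown' for a host name."""
    if registrable(host) in expected:
        return "expected"
    # A known brand name embedded in a different domain is the kind of
    # variation the article describes (@youramazon.com vs @amazon.com).
    for good in expected:
        if good.split(".")[0] in host.lower():
            return "lookalike"
    return "unknown"

def check_message(raw, expected=EXPECTED):
    """Classify the From domain and every link host in a raw email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    findings = {"from": (sender, classify(sender.rpartition("@")[2], expected))}
    body = msg.get_payload()  # a str for single-part plain-text messages
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {urlsplit(u).hostname for u in urls}
    findings["links"] = {h: classify(h, expected) for h in hosts if h}
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: Amazon <orders@youramazon.com>
To: alex@example.org
Subject: Urgent: confirm your payment

Good Morning Sir, sign in at https://amazon.com.account-check.example/login
or view your order at https://www.amazon.com/orders
"""

if __name__ == "__main__":
    for key, value in check_message(SAMPLE).items():
        print(key, value)
```

A "lookalike" result means the brand name appears in a domain that is not the expected one, including the case where the real domain is used as a prefix of a different host.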
If one or multiple phishing signs check out as positive in your case, you can be sure that you have clicked on a phishing link. So, what happens now?
What To Do If You Click on A Phishing Link?
Disconnect your device from the Internet
After clicking on a phishing link, the first thing you need to do is to disconnect your affected devices from the Internet. If caught in time, turning off Internet access temporarily stops the malware installation process and can prevent it from spreading to other devices. It also stops the malware from sending your personal information and blocks someone from accessing your device remotely.
If you are using a wired Internet connection, simply unplug the ethernet cable from your computer. And if you are using Wi-Fi, go to the Wi-Fi settings on your device and disconnect it from the connected network. You can also turn on the airplane mode on your device. If you cannot access the Wi-Fi settings, switch off the router. After disconnecting your computer, move on to the next steps.
Back up all of your files
The recovery process from phishing attacks can destroy or erase data, so you need to start the backup process as soon as possible. If you regularly back up your data, you might only need to back up files updated or created since your last backup. At this point, you should focus on backing up your sensitive documents first and proceed to other files based on priority. Since your device is not connected to the web, you can use external hard drives and thumb drives to store your data.
Scan your entire system for malware
For this step, you will need a robust, up-to-date anti-virus program to thoroughly scan your system for malware and to remove it. At the beginning of the scan, you might get an error message notifying you that the program could not connect to the web. Ignore this message and proceed with the scan. After the scan is complete, the program will notify you about the malware found in your system and suggest the best option to remove it.
However, keep in mind that some malware can be disguised as genuine operating files, which can trick your anti-virus program. If your device continues to malfunction, consult a professional for further investigation.
Change your login credentials
Malware can send sensitive information such as login credentials, credit card numbers, and bank account numbers to the attackers. If you suspect that you have clicked on a phishing link, change the credentials for all of your accounts. Use strong passwords different from the old ones so that the attackers cannot guess your new password. Also, do not use similar passwords for multiple accounts, as that can further compromise your online security. It is a painful, time-consuming process, but one that will save you time and worry in the future.
Inform your organisation
Spammers usually mark the employees of a target organisation to gain access to its IT infrastructure. This means the phishing link you have clicked on might not only be a threat to you but also to your organisation. So, if you suspect that you have clicked on a phishing link, contact the relevant person within your company to log the threat and request their help. It will also alert them and help them defend against possible attacks on their infrastructure.
Set up a fraud alert
Keep in mind that once you have clicked on the phishing link, the privacy of your data has already been compromised. Contact the major credit bureaus to place a free fraud alert on your credit report to protect yourself from credit card fraud. The three major bureaus, Experian, Equifax, and TransUnion, are required by law to notify the other two on your behalf if you contact only one of them. The fraud alert will also make it more difficult for fraudsters to open new accounts using your personal data.
Stay Cautious in The Future
Once you have received a phishing link via email, it is confirmed that you are a target for the scammers. Additionally, by clicking on that link, you have notified the scammer about the validity of the email address. So, the odds of your email address reaching other scamming groups are pretty high. Also, you are more likely to receive spam emails in the future. So, how can you protect yourself?
To protect yourself from phishing attacks in the future, you need to remove your email address from the Internet. But first, you need to know whether or not your email address already exists on the Internet.
To check your current status, go to Sniff Email — an online platform dedicated to finding out if your email address exists on the Internet. Enter your email address in the search field and click fetch to find out if your email address exists on the web within a few seconds. Based on the results, you can take appropriate action to remove it.