Advanced phishing

What happens if I click a phishing link?

by James Dyer
Published on 11th Jan 2023

Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, credentials, downloading malware, or paying fraudulent invoices. Phishing can result in cybercriminals gaining unauthorized access to organizations’ data, network systems, or applications.

People can be understandably alarmed once they realize they’ve clicked on a phishing link. This article will outline what you should do if you find yourself in that position, explain the risks involved, and help boost your chances of spotting phishing links the future.

What to do after clicking a phishing link

Make sure you don’t interact with the link or any downloaded files further – and remember a file may have downloaded without you realizing. Do not click, install, launch, delete, rename, or do anything to a potentially malicious file. Contact your security team and follow their investigate procedure to ensure any malicious files don’t cause further damage.

If you clicked on a phishing link that took you to a spoofed page entered personal information or credentials, then you’ll need to change your passwords and contact your security team for further advice. Another danger is that attackers usually know whether or not you clicked on the link. So, they may determine you're a good target to continue pursuing. They may also gain information like your IP address and what application you accessed the link through (Chrome, Firefox, etc).

People often ask if they’re safe because they clicked the link on an iPhone. There’s a common misconception that iPhones can’t get viruses. It might not be a disaster if you clicked on the phishing link from your iPhone and didn’t submit any information, but it’s always better to be safe than sorry and contact your IT team. 

How do I know if I clicked a phishing link?

Although phishing attacks are prevalent, many people don't realize when a potential attack is occurring or what happens if they click a phishing link.

It all starts with an attacker creating and sending a message to their targets, usually an email that looks like it's from a trusted source. That could be a brand you're familiar with, a company you do business with, or someone you work with. 

That email likely has some universal traits found in phishing emails, such as a generic greeting, spoofed email address, an urgent request, and then a hyperlink that takes you to the next step of the phishing process depending on the attacker's objective. 

The attacker is trying to get their targets to do one of a few things:

  • Take the user to a web page so they can harvest information 
  • Download malware that spies on the user or collects their data 
  • Download ransomware that could cripple an organization’s entire IT system 
  • Trick an employee into paying a fraudulent invoice 

Here’s some more info on how to spot a phishing link.

What malware could be downloaded after clicking a phishing link?

When threat actors send a phishing email, assuming they aren't impersonating someone else and trying to get a fake invoice paid, they usually have one of two main objectives:

  • To get the victim to submit information
  • To get them to download a malicious file 

Upon clicking the link, malware can be downloaded onto the user's device to spy on their activity or collect their data. The malware will appear to run as a legitimate download. It can then hide in legitimate folders and not do anything malicious instantly, leaving the victim thinking they just opened a remittance pdf. Ransomware could also be used to lock users out of a system encrypt data, with a payment demanded for the decryption key.

Another scenario, is upon clicking the link, the user is taken to a (spoofed) login page that looks pixel perfect. After entering the credentials to log in, the attacker receives the information in plain text, and the user redirects to another web page (often the real version of the spoofed site). The attacker can then use those credentials for account takeover or sell them on to other cybercriminals.

Learn how to identify a phishing website here.

What to do if a link looks suspicious?

If you’ve received a link from an unknown source or think something looks off, close that application and go to the link’s claimed destination directly through Google. Or if it’s a webpage you go to often, check a bookmarked link and see if that shows the same story as the suspicious one.

What next? Make sure you fully understand the signs of a phishing email

Related articles