So you think you may have clicked on a phishing link. What now?
Before you do anything else, you need to make sure that it was a phishing link that you clicked on rather than just assuming things. If you’re sure it was a phishing link, then you can skip the following section. Everyone else—here’s how you can be sure it was a phishing link.
What Is Phishing?
No matter how careful one is in general, we are all susceptible to clicking on suspicious links. Often, the intent behind these links is trapping unsuspecting people with phishing scams. Phishing scams use emails and texts that seem to be from someone you know, such as a friend, colleague, or company.
They use these tricks to win your trust to entice you to click on a link to a bogus website, share personal data, or download a malicious file on your smartphone, laptop, or computer. If you open an attachment or click on a phishing link in these emails or messages that appear to be from someone you know and trust, malicious software like ransomware, spyware, or a virus will be installed on your device.
It usually happens behind the scenes, so the average person cannot detect it. Once the malicious software is installed, it may collect your confidential data, deliver further phishing emails to people in your contact list, or provide a fraudster with remote access to your computer.
For example, PayPal scammers can send out malicious emails that tell recipients to click on a link that would “fix the problem” with their accounts. Instead, the link redirects you to a website designed to imitate the login page of PayPal. When the victims attempt to verify themselves, their login information is collected, and this information is provided to cybercriminals.
How to Tell If You’ve Been Phished
The growing complexity of phishing scams makes it hard for technology to detect and prevent them. However, phishing messages usually have several “hooks” that you need to watch out for. If you can spot these hooks, then you can stop the phishing attack from being effective. The following are signs of phishing to watch out for.
Unusual Email Sender Domain and URLs
Look for inconsistencies in email addresses, links, and domains as it is a quick way to detect a possible phishing attack. It is worth checking the source email address and comparing it with past emails from the same sender.
Point the cursor over the link to check what comes up. If the email is supposedly from PayPal, but there is no “paypal.com” in the link’s domain, be suspicious.
There are sometimes legitimate reasons why these links might look odd. The sender may be using a URL shortener like Bitly, an email service like Mailchimp, or marketing tracking software.
But in general, be careful clicking on the link if the domain names don’t match.
If the email asks for something that is not normal, that is also an indication that the message might be malicious.
For instance, if an email appears to be from the IT team asking for software to be installed, or following a link to repair the PC, but this type of operation is normally done centrally, that’s a major sign that you’ve gotten a phishing email and you should not do what it says.
When reading a phishing email, the first thing that typically raises concern is that the wording is not quite right, such as a colleague unexpectedly knowing too much or a family member being surprisingly formal.
You click the link, but nothing appears to happen, or you put in your credentials to log in, but nothing happens. However, malware may be downloaded in the background.
After going through the explanation of phishing and its signs, you are sure that you have clicked on a phishing link. So, what should you do now? Here is what you need to do if you think you clicked on a phishing clink and may have downloaded malware.
- Disconnect from all networks, disconnect any attached storage drives, and either turn off your device using the shutdown prompt or power button (safest option) or start running a virus scan. Delete any malware you find.
- Try quickly resetting the exposed password to something else if you’ve entered your credentials into a phishing site.
- If it’s a work device, notify your IT department or IT support company if you have one and await the next steps.
The next steps depend on a lot of different variables.
How certain are you that you were hacked or phished? Has ransomware been installed on your device and started encrypting your files? Do you think you’ve succeeded in resolving the threat? How certain are you? Do you have a technical person you can rely on for help? If not, can you afford to find one, and is it worth it to you?
If you have a technical resource to rely on, let them handle it. If not, consider taking the following steps.
Next Steps If You Know or Suspect That Malware Was Installed On Your Device
- As mentioned, scan your device for malware and delete any malicious files that show up.
- Antivirus software isn’t perfect and may not detect or remove all forms of malware. Make sure your virus definitions are up to date and run scans more often than normal. Be on the lookout for signs of infection, such as your device or internet being slow.
- Try to delay the following until you’re sure you’re virus-free: reconnecting to any networks, performing any backups, or logging in to any important resources.
- Consider restoring from a full system backup if you have a recent one.
- If you’re a business, consider signing up for a network or firewall monitoring service. They can detect abnormal traffic going in and out of your network
Next Steps If You Know or Suspect You Entered Your Credentials into a Fake Website
- If you can access the account and reset the password, great. Think of what the intruder might have had access to if they could access your account, including other account logins, financial info, or client data. You may need to change these other credentials, open new financial accounts, or notify clients of a potential breach.
- The hacker may have already changed your password themselves and locked you out. Fortunately, there are a lot of services like Google that prevent things like this from happening by blocking logins from unknown devices and IP addresses (e.g., “Is this you?” emails). Now you need to get in touch with whoever manages the account in question and get them to restore access to you, either your account admin or the customer support department of services like Office 365, banking websites, etc.
After you get control of your account and reset your password, do the things mentioned above, and you should be good.
Am I Overreacting?
It’s possible. Sometimes legitimate services use non-branded domains, and login systems and devices may act funny without it being a phishing attempt or virus. It’s always better to err on the side of caution though, especially if this is a work device with access to important resources. The less tech-savvy you are, the more you should consider reaching out to professional IT resources for help.
Should I Try to Keep It to Myself?
If this is a work device or account, no. Even if you think you fixed the issue yourself, you should still notify your superiors and/or your IT department about the potential breach. They can initiate a more thorough and informed check and help keep an eye out for unusual activity.
Unless you don’t have any superiors or IT department, don’t try to get someone outside the company, like an MSP or a tech-savvy relative, to try to investigate the issue on the sly.
Everyone makes mistakes, and most superiors and IT people will understand this. Especially if you’re one of those people like executive assistants and recruiters that have to sort through hundreds of emails a day, some of them urgent and many quite similar to each other.
Hiding or delaying reporting the potential issue can make things a lot worse. You might be surprised what sensitive resources like credit card and customer data your device or account has access to, or how easy it is for a skilled hacker or scammer to use your device or account to finagle such access.
And every minute you wait is another minute for a hacker to gain access to more data and permissions, install more remote access tools and encrypting ransomware on more assets, do more damage, and get even deeper access to your network.
In summary, if you think you’ve clicked a phishing link, the best thing you can do is reach out for help. If you don’t have an IT department, you can reach out to a businesses IT services company like us at GeekTek. We can help you investigate, isolate, and fix the issue, and implement security measures (including firewalls that block potential phishing attempts from reaching your inbox in the first place), policies, and training programs to prevent it from happening again.
If this is a personal device, you can try either reaching out to a tech-savvy friend or relative or a consumer tech support company like Geek Squad, or try some of the suggestions mentioned above.
It could just be a false alarm, and may not be worth the hassle or expense if it’s a personal device or account with nothing important on it, but it’s best to err on the side of caution and make sure you’re in the clear if you can.