If you accidentally click a phishing link, you can still stop a malicious actor from gathering sensitive information like passwords and credit card details. The best way to prevent a phishing attack is to identify it before you click. This guide shows how to protect yourself after clicking a phishing link on any platform, whether you use a Windows PC, Mac, Android phone, or an affordable Chromebook. After following this guide, review the types of phishing attacks and how to avoid them.
1 Don’t provide any information or interact with the website
Sometimes, a phishing link can be compelling enough to pass an initial check, and warning bells only go off after you click it. Indicators of a phishing site include:
- An IP address in the address bar.
- A long URL that doesn’t fit in the address bar.
- The URL uses a link-shortening service.
- The URL instantly takes you to a request for payment.
- The website offers free products that require you to pay a small shipping fee.
If you spot any of these signs after clicking a link or notice something suspicious, don’t interact with the website in any way. Actions that can result in a successful phishing attack include:
- Clicking links
- Entering information in forms
- Accepting cookies
- Accepting an automatic download
Exiting the website immediately is often enough to protect your device from malicious actors and malware. Still, sometimes, visiting the website is enough. So, even if you immediately exit the website after clicking a phishing link, follow these steps to protect yourself and your device.
2 Disconnect your device from the internet
Disconnecting your device from the internet is vital to stop malware from spreading between devices on your network. It can also prevent malicious actors from accessing your data, assuming they haven’t done so.
After performing this step, you can safely investigate further. Turn on Airplane Mode on a mobile device or laptop or toggle the Wi-Fi switch on a desktop computer.
You may have adjusted your Android phone’s Airplane Mode to keep some wireless connections active (for example, Bluetooth for your headphones). This feature isn’t activated by default, but double-check your wireless connections after turning on Airplane Mode.
3 Backup your files
Before you factory reset or scan your device, backup essential files. While you can’t back up your data to the cloud after turning off wireless connections, any device can back up files to a storage device like an external hard drive or one of our favorite microSD cards.
You should always keep your data backed up in the cloud automatically. Every device can do this, and it’s straightforward for Android phones. Having a backup means you can wipe your Android phone to clear potential malware without losing data.
4 Scan your system for malware
This method varies from device to device. Your antivirus program on your Windows or Apple computer should have a malware scanner built in, but it’s a little tricky for mobile devices. We have a detailed guide on scanning and removing malware from your Android phone. However, the safest method is to perform a factory reset, so back up your phone and then reset it.
5 Update your passwords and credentials on a separate device
From banking apps to sensitive documents, a lot of data stored on your phone is locked behind passwords. However, a phishing attack can provide a malicious actor with these passwords, so you should update your passwords on a separate device. Updating them on the same device is not secure until you’re sure there is no malware on it.
After disconnecting your device from the internet, you can safely update these passwords before returning to the original device.
6 Report the link
Report the phishing attack when your device is secure again. Most phishing attacks come via text messages or emails, and there are separate methods for reporting these. Your messaging app may have a method to report text messages, usually a Report Spam button. Our guide walks you through how to report phishing text messages on your phone. Whether you received a phishing email on your mobile device or desktop computer, you can report a phishing email in the same way.
Stay safe from phishing attacks
Phishing attacks aren’t the only way malicious actors can access your sensitive data. Creating strong passwords is helpful, but activate two-factor authentication as this can stop someone from accessing data even if they discover your password.
