What if you Accidentally Clicked on a Phishing Link?

by Carson

We know what phishing is and try to avoid it. But some people are still a bit careless and accidentally click on a phishing link.

What is the damage, and how do you fix it? And how do you prevent it in the first place? Let’s find out.

The Best-Case Scenario

Nothing will happen in the best-case scenario. But cybercriminals won’t be that stupid. They pose threats and try to steal your information, your money, or both.

In the realistic best-case scenario, the link leads to a login page that imitates a famous site. You may see a Google login page at “accounts.go0gle.com”. This is usually caught by checking the URL. However, the URL may be spoofed by tricking the browser, so be careful when entering credentials.

Just be cautious when entering your personal information, including your passwords, and you’re good to go in this aspect.

The Consequences

Suppose the user is fooled and enters the username and password on the fake login page. In that case, even super-strong passwords will become extremely vulnerable. The attackers can now use the data to log in to your real account and do something illegal with it.

For instance, they can change passwords and recovery information to lock you out. After that, they can try to destroy your data, like deleting your account entirely. Also, the attackers can violate your privacy by stealing your business documents and irreplaceable photos.

How do hackers access your personal information by a fake login page?
Image Credit: Canva

But phishing gets worse.

Installing Malware and Stealing Your Money

Some URLs do nothing but download a file to your computer. Scammers take advantage of this, too.

Therefore, even a single click may encrypt your files with ransomware or infect your computer with powerful malware. But malware can get much worse. There may be malicious software already installed on the computer, but it’s hidden until a specific date and time. That will destroy your backup plan as newer copies may have already been infected.

Remember that downloading files using hyperlinks is very easy:

<a href="https://www.centralgalaxy.com/download.html" download>Download an HTML file here.</a>

So, keep an eye on that when clicking a link.
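To make the checks above concrete, here is an added example (not code from the original article) that audits the links in an HTML message body for the two things discussed so far: a lookalike host such as “accounts.go0gle.com” and a link carrying the download attribute. The trusted-domain list, the digit-swap table, the function names and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"google.com", "centralgalaxy.com"}  # assumption: sites you really use
SWAPS = str.maketrans("0135", "oles")          # common digit-for-letter swaps

def registrable(host):  # naive last-two-labels; real tools use the Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)
            self._cur = {"href": a.get("href") or "", "download": "download" in a, "text": ""}
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit(html):
    """Return [(href, [flags])] for each link in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for link in parser.links:
        dom = registrable(urlsplit(link["href"]).hostname or "")
        flags = []
        if dom not in TRUSTED and dom.translate(SWAPS) in TRUSTED:
            flags.append("lookalike:" + dom.translate(SWAPS))
        shown = link["text"].strip().lower()
        if "." in shown and " " not in shown:  # visible text is itself a URL/host
            url = shown if "//" in shown else "//" + shown
            if registrable(urlsplit(url).hostname or "") != dom:
                flags.append("text-mismatch")
        if link["download"]:
            flags.append("download")
        report.append((link["href"], flags))
    return report

# Constructed sample message body (not a real phishing email).
SAMPLE = """<a href="https://accounts.go0gle.com/signin">accounts.google.com</a>
<a href="https://www.centralgalaxy.com/download.html" download>Download an HTML file here.</a>
<a href="https://www.google.com/">Google</a>"""
```

Calling audit(SAMPLE) flags the first link as a lookalike whose visible text names a different domain, the second as a download link, and leaves the third unflagged.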

How can malware be downloaded through a hyperlink?
Image Credit: Canva

Moreover, if you entered the credentials and submitted the form, it’s too late no matter how swiftly you react. There might be bots that enter your username and password on your accounts and change your login information! They can also spend all the money in the affected bank account within seconds.

The Worst-Case Scenario

There’s even a worst-case scenario where your account will be compromised after a click. That means a link could somehow grant the attackers access to your account without authentication. For instance, they could potentially use that link to activate malware to remotely send signals to your computer so that the associated accounts will be compromised.

What To Do If you Accidentally Clicked on a Phishing Link?

Cut Off the Connection

The consequences will be severe, so cut off the Internet connection right away. However, hackers can make the device appear disconnected while it’s still online. Thus, shut down your router and turn off your computer physically to ensure that there is no internet connection. If you have a PC, pull the plug. If you have a laptop, press and hold the power button until the device shuts off, unplug it from your charger, and remove the battery if possible.

Unplug your devices when you think your computer is hacked!
Image Credit: Canva

Run An Antivirus Scan

Then, run a full antivirus scan immediately. If the device is shut down, consider removing the hard drive and attaching it to another computer as a secondary drive. Update the antivirus and ensure that the other PC has good antivirus protection.

In Windows, there’s a convenient option that uses the Windows Recovery Environment to search for malware on your hard drive. Consider launching Windows Defender and choosing this option for the next antivirus scan.

But, if you’re still unsure whether the device is malware-free (which you should be), you can clear your hard drive and reinstall your operating system. Just clicking on a link won’t necessarily bring that hassle, but that operation may be needed if the malware is hiding deep inside the operating system. To view the full guide against viruses and hackers, please look at the article here.

Recover Your Accounts

Meanwhile, use a third device (neither the compromised one nor the one running the scan) to try to recover your accounts. If you entered your login information and can still log in with the current username and password, that’s equivalent to winning a lottery: the hackers have likely changed your password before doing any damage.

If the hackers have changed the password, choose the “Forgot Password” option and see if you can recover the account through the security questions. You’re still fortunate if you can, because the attackers could also have changed the answers to the security questions to something nonsensical and hard to guess. If so, the only way to verify is to fill in an email address to be contacted later, which is probably rarely available.

However, if none of the methods to authenticate yourself gets you in, that account should be abandoned. You can create a new account, but be overly cautious in the future.

Change Your Login Credentials

Once you’ve gotten into the compromised account, change your password immediately. Use your creativity to make up a password as a temporary one, and change your password again once you’ve gotten full control over your account. Make sure both passwords are hard-to-guess but easy-to-remember.

But before you set the final password, change your recovery options and security questions. Correct the recovery phone number and email address so that you can access the account when something else goes wrong. Set the answers to the security questions to individual passwords. They must follow general password rules but are not hard to memorize.

How to secure your passwords and prevent your accounts from being hacked?
Image Credit: Canva

At the same time, you should change all passwords associated with your attacked account, especially if the compromised account was a password manager or your email account. For the best results, ensure that all your passwords are modified, and you turn on multi-factor authentication wherever possible.

Prevent Similar Events in the Future

Once you’ve solved the current case, it’s time to prevent another attack in the future.

Firstly, if the scammers know your email address, they will likely initiate another highly-targeted attack. Therefore, consider enrolling in Google’s Advanced Protection Program for your account.

Also, ensure that all tips in the cybersecurity guide are met, but start with some steps related to phishing.

Don’t Click on Links and Open Attachments. Recognize Spam.

Links and attachments in spam emails, messages, and phone calls are where you are most vulnerable to phishing. Ask yourself ALL of these questions before clicking on them.

  1. Does the email content severely contradict the facts you know?
  2. Does it create some urgency?
  3. Is the link target legitimate?
  4. Does the email body have many misspellings and mistakes?
  5. Are there generic greetings from organizations that know your name?
  6. Is the sender’s email address abnormal?
  7. Does it ask for personal information or contain a login form?
  8. Does the email look spammy in any other way?

If all your answers are “No”, the email is probably not spam. But, it’s good to ask more questions and think about more aspects before judging whether an email is spam.

However, if the answer to even a single question is “Yes”, you should flag the email as spam. Of course, apply your own judgment, too. Even if the sender is authoritative, hackers may have somehow gained access to their accounts.

Don’t click on any links in spam emails because they may be phishing links. Ignore the attachments as opening them may download and activate malware. Just delete the email permanently and report the sender if it’s unknown.

Even if the email is not spam, you should go to the URL directly in your address bar in case your friend mistyped the URL. If it’s account-related, log in to your account to see more details and find the right link to do the activity in the email.

Moreover, if the sender is someone you know, tell them because their accounts may have been invaded by scammers.

Examples

Let’s provide an example to better understand the points in the last section.

For example, the message says, “Your account will be closed in 24 hours unless you reset your password”. Then, you must fact-check the content. Large companies and your bank never send those messages. Firstly, look for any abnormalities in the email address. Moreover, log in to the corresponding account to see if any problems have been reported.

If so, solve it inside the account page. Still, don’t click the link or open the attachments from the email message. Manually typing in the URL is your best bet. Remember that fact-checking and being vigilant is the best way to see if a message is spam.

If not, it’s 100% spam, and you should delete that.

Secure Your Accounts

Phishing isn’t just about stealing your information and installing malware: It’s one of the largest concerns of cybersecurity.

If your security precautions aren’t good, you can “phish” someone innocently, too. Therefore, secure your accounts with strong passwords and multi-factor authentication.

Also, it’s an excellent idea to have more than one email address. Even if one of your accounts is compromised, the other can act as a backup and verify it’s you. Just remember to use strong and unique passwords for each of your accounts.

Conclusion

Today, we discussed what happens if you click on a phishing link, what to do if you accidentally do that, and how to prevent it in the future. Can you introduce more tips to fight phishing? Let us know in the comments.
