What Should I do if I Accidentally Click on a Phishing Link?

Clicked on a phishing link What should I do if I accidentally click a phishing link? Hi, everyone. Leo Notenboom here for Askleo.com, this is a question I got recently. What do you do if you click on a phishing link? Am I screwed? It depends. It depends on exactly what happened next. So let's review what phfishing links are and what they try and get you to do and where that point of oops really is. 7 click is just a click A click is just a click. Usually most of the time clicking on a link that is crafted to look like something it's not will simply bring you to a Web page. That's all. That's fine. There's generally nothing bad about that. Most of the phishing links are intended to bring you to Web pages that just work. That happen to look like something they're not. For example, a phishing expedition targeting PayPal accounts. When you click on that link, How they fish for passwords it may take you to a page that looks like the PayPal login page. That's fine. Honestly, that part of it so far is fine. There's nothing bad that has happened yet. The problem? Is if you try and sign in. The problem is if you don't notice that, it's not really Paypal. Hopefully you're looking at the URL and the address bar to make sure. But if you don't notice that it's not Paypal and you try to sign in, chances are you're going to get a sign A failed sign in in failed message because it wasn't really Paypa; they didn't want to use your credentials that you just provided them to log you into PayPal. They wanted to collect your credentials that you just typed in. Now, you might be screwed if you get to a situation where you suddenly realize you've clicked on a phishing link and you've tried to log in to a site that wouldn't let you stop. Go to that site some other way, in other words, in PayPal's case, go to paypal.com and immediately try to log in yourself, make sure that all of your security is up to date. Make sure you've got recovery information. Correct. And really, really consider adding two factor authentication. There's a very strong argument that says even if everything looked OK, even if you managed to sign incorrectly with your old password, change the password anyway. Change your password It's possible that the hacker just hasn't gotten there yet. They have your login information, but they haven't gotten around to changing your password. So invalidate the information they have changed your password now to something long and strong and unique as you should. That way, the information that you handed over to the hacker is no longer valid and is no longer something they can use to compromise your account. Now, the other scenario when it comes to phishing is really less about phishing and more about malware. Malware delivery If you click on a link and you suddenly get a download of any sort, especially if you weren't expecting a download, stop. Delete the download. Revisit that email and make sure it is what you think it is. It is very possible that what you've received isn't phishing persay, but it is something that's trying to trick you into installing malware by downloading it. And of course, there is the combination effort, right? There is the combination where a phishing email will attempt to get you to go to a site that looks legitimate to get you to download something that is malicious. So always be on your guard. Always make sure you know what phishing links are. How to protect yourself from them? And the bottom line: assume the worst. When in doubt, assume the worse If you've clicked on something you know you shouldn't have clicked on, assume you've been compromised and depending on what it is, what's involved, take recovery actions, change the password, run the anti malware, change your password, run anti-malware scan scan, whatever is appropriate to the scenario that you're in. The most important lesson from this is simply to always be on your guard and take the time to learn what phishing links look like, what they do and what the telltale signs of a phishing expedition are. It's getting harder. Absolutely. There is no question that phishing can be very difficult to identify. But that's why you need to take your time, get a little educated and when in doubt, don't click. Go to the site using your own bookmark or typed in .URL For updates, for links related to this article, for comments and more, visit askleo.com/132182. I'm Leo Notenboom. This is Askleo.com.Thanks for watching.