Updated on April 23, 2025.
Clicking on a phishing link can lead to serious risks, including malware being downloaded onto your device or your being directed to a malicious website where you’re prompted to enter sensitive information. If you click on a phishing link, don’t panic. Instead, immediately disconnect your device from the internet, run an antivirus scan and closely monitor your online accounts for any suspicious activity or unauthorized transactions.
Continue reading to learn more about what to do if you’ve clicked on a phishing link.
What happens when you click on a phishing link?
If you click on a phishing link, two things can happen: malware can start downloading onto your device, or you’ll be directed to a malicious website.
Malware can download on your device
One of the major risks of clicking on a phishing link is that malware can be immediately downloaded onto your device without your knowledge. Malware is any malicious software designed to steal data and damage systems. Some phishing links are designed to trigger malware downloads as soon as they’re clicked, leaving you with little to no time to react.
You’ll be directed to a malicious website
Clicking on a phishing link might direct you to a malicious website that is spoofed to look like a legitimate site that you have an account with, such as your bank or social media account. These sites may trick you into entering personal information, such as login credentials or credit card details. In some cases, simply visiting the malicious site can trigger a drive-by download, which is a cyber attack that automatically installs malware onto your device without you even having to click anything.
Immediate steps to take if you click on a phishing link
If you click on a phishing link, here are four steps you should take:
1. Disconnect your device from the internet
The very first step you should take after discovering you’ve clicked on a phishing link is to disconnect your device from the internet. This can prevent malware from being able to fully download on your device and prevent other devices connected to the same network from being infected as well.
2. Scan your device using antivirus software
Next, you’ll want to scan your device using antivirus software. It will detect and remove the malware or virus that may have been installed on your device when you clicked on the phishing link. While it’s best to have antivirus software already installed on your devices, if you don’t already have it, you’ll want to download it. Some reliable options include McAfee Antivirus, Malwarebytes Premium Security and Windows Defender. To download antivirus software, you’ll have to connect to the internet. Before you reconnect, make sure no other devices are connected to your network and that your router’s software is up to date.
3. Change your passwords and enable MFA
If you clicked on a phishing link and entered your login credentials on a spoofed website, it’s important to change your password and enable Multi-Factor Authentication (MFA). Be sure to create strong, unique passwords to prevent further unauthorized access. You can even use a password generator to create secure passwords that follow password best practices. MFA adds an extra layer of security by requiring an additional form of verification, such as a Time-based One-Time Password (TOTP), in addition to your password. This means that even if a cybercriminal has your login credentials, they won’t be able to access your account without that additional authentication.
4. Keep a close eye on your online accounts for suspicious activity
While antivirus software may have removed the malware from your device, you never know what a cybercriminal could have gotten away with. You’ll want to continue keeping a close eye on your online accounts for suspicious activity and unusual transactions. The sooner you notice suspicious activity, the sooner you can act against it.
As an extra precaution, we recommend placing a fraud alert with one of the credit bureaus to prevent cybercriminals from gaining access to your credit and opening accounts in your name.
How to avoid clicking on phishing links in the future
The best way to keep yourself safe from phishing links is to avoid clicking them in the first place. Here are a few tips to help you avoid clicking on phishing links:
Be cautious with emails and messages
The best way to avoid clicking on phishing links is learning how to spot the common indicators of a phishing attempt. Here’s what to look out for.
- Urgent or threatening language
- Asking you to provide personal information
- Warnings from your email service provider
- Suspicious links and attachments
- Too-good-to-be-true offers
- Misspelled words and grammatical errors
- Discrepancies in email addresses and domain names
Navigate to the company’s website or application yourself
If you receive an email or text message that seems to come from a company you have an account with and it asks you to click on a link provided, don’t click it. Instead, go to the company’s website or application yourself to ensure you don’t accidentally click on a phishing link.
Check the safety of links before clicking on them
To check a link’s safety, hover over it to inspect the link and make sure it matches the expected website address. You can also copy and paste the link into the Google Transparency Report. If the report says that the site is not safe to visit, do not click on the link. It’s recommended to do both for extra precaution.
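The hover-and-compare check above can also be done programmatically. The following is an added example, not code from the original article: `inspectLink`, the sample links and the `bank.example` / `evil.test` hosts are all constructed for illustration.

```javascript
// Added example. Hosts are constructed (.example and .test are reserved names).
function inspectLink(linkText, href, expectedHost) {
  const findings = [];
  let url;
  try {
    url = new URL(href);
  } catch {
    return ["href is not a valid absolute URL"];
  }
  const host = url.hostname.toLowerCase();
  const expected = expectedHost.toLowerCase();

  if (url.protocol !== "https:") {
    findings.push(`scheme is ${url.protocol} rather than https:`);
  }
  // In "https://bank.example@evil.test/" the part before "@" is a username.
  if (url.username || url.password) {
    findings.push("URL carries userinfo before '@'");
  }
  // Accept the expected host or a true subdomain of it, nothing else.
  if (host !== expected && !host.endsWith("." + expected)) {
    findings.push(`destination host ${host} is not ${expected}`);
  }
  // Non-ASCII host labels serialize as punycode; worth a closer look.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    findings.push("host contains a punycode (xn--) label");
  }
  // Link text that names a host should name the one the href goes to.
  const m = linkText.trim()
    .match(/^(?:https?:\/\/)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})/i);
  if (m) {
    const shown = m[1].toLowerCase();
    if (host !== shown && !host.endsWith("." + shown)) {
      findings.push(`link text shows ${shown} but href goes to ${host}`);
    }
  }
  return findings;
}

// Constructed samples: [visible text, real href].
const samples = [
  ["Sign in", "https://www.bank.example/login"],
  ["https://bank.example/login", "https://bank.example.evil.test/login"],
  ["Verify your account", "https://bank.example@evil.test/"],
];
for (const [text, href] of samples) {
  console.log(href, inspectLink(text, href, "bank.example"));
}
```

An empty result means none of these checks fired; it does not prove the destination is safe, which is why the article recommends the reputation lookup as well.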

Use an email scanner
An email scanner is a tool that scans email attachments for potential malware, identifying and alerting you if there’s any suspicious activity before you open them. Most email services offer this feature, but consider investing in one if yours doesn’t.
Invest in a password manager
While a password manager securely generates and stores your strong passwords in an encrypted vault, it also helps you spot phishing sites. If your saved login credentials don’t auto-fill on a website, it’s a warning sign that the site is fake or not the one you originally created an account with.
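Why a missing autofill is a useful signal, shown as an added example (not from the original article and not any vendor's code): it assumes a vault that stores one origin per entry and fills only when scheme, host and port match exactly. The vault entries, `autofillDecision` and all hosts are constructed.

```javascript
// Added example, not a vendor's code. Vault entries and hosts are constructed.
const vault = [
  { origin: "https://bank.example", username: "alice" },
  { origin: "https://mail.example", username: "alice@mail.example" },
];

// URL.origin lowercases the host, drops default ports, and ignores
// userinfo, path and query, so only scheme + host + port are compared.
function pageOrigin(pageUrl) {
  try {
    const u = new URL(pageUrl);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

function autofillDecision(pageUrl, entries) {
  const origin = pageOrigin(pageUrl);
  if (origin === null) {
    return { fill: false, reason: "not a valid https page" };
  }
  const hit = entries.find((e) => e.origin === origin);
  if (hit) {
    return { fill: true, username: hit.username, reason: "exact origin match" };
  }
  // No match: report when a stored host merely appears somewhere in the URL.
  const named = entries.find((e) =>
    pageUrl.toLowerCase().includes(new URL(e.origin).hostname));
  return {
    fill: false,
    reason: named
      ? `URL mentions ${new URL(named.origin).hostname} but its origin is ${origin}`
      : "no stored entry for this origin",
  };
}

// Constructed page URLs, including lookalikes of the stored bank.example.
for (const page of [
  "HTTPS://BANK.EXAMPLE:443/login",
  "https://bank.example.evil.test/login",
  "https://bank.example@evil.test/",
  "https://bank.example:8443/",
]) {
  console.log(page, autofillDecision(page, vault));
}
```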
Don’t fall victim to phishing links
Phishing threats are on the rise and becoming more sophisticated. Learning how to spot them can help you avoid accidentally clicking on these malicious links. A password manager like Keeper Password Manager can help protect you from phishing attacks with its autofill feature. If you land on a spoofed website, KeeperFill® won’t autofill your login credentials unless the URL matches exactly with what’s stored in your password vault.
Start a free 30-day trial of Keeper Password Manager today to start securing your online accounts and keep them safe from phishing threats.