If you accidentally click a phishing link, you can still stop a malicious actor from gathering sensitive information like passwords and credit card details. The best way to prevent a phishing attack is to identify it before you click. This guide shows how to protect yourself after clicking a phishing link on any platform, whether you use a Windows PC, Mac, Android phone, oran affordable Chromebook. After following this guide, review the types of phishing attacks andhow to avoid them.
1Don’t provide any information or interact with the website
Sometimes, a phishing link can be compelling enough to pass an initial check, and warning bells only go off after you click it. Indicators of a phishing site include:
If you spot any of these signs after clicking a link or notice something suspicious, don’t interact with the website in any way. Actions that can result in a successful phishing attack include:
Exiting the website immediately is often enough to protect your device from malicious actors and malware. Still, sometimes, visiting the website is enough. So, even if you immediately exit the website after clicking a phishing link, follow these steps to protect yourself and your device.
2Disconnect your device from the internet
Disconnecting your device from the internet is vital to stop malware from spreading between devices on your network. It can also prevent malicious actors from accessing your data, assuming they haven’t done so.
After performing this step, you can safely investigate further. Turn on Airplane Mode on a mobile device or laptop or toggle the Wi-Fi switch on a desktop computer.
You may have adjusted your Android phone’s Airplane Mode to keep some wireless connections active (for example, Bluetooth for your headphones). This feature isn’t activated by default, but double-check your wireless connections after turning on Airplane Mode.
3Backup your files
Before you factory reset or scan your device, backup essential files. While you can’t back up your data to the cloud after turning off wireless connections, any device can back up files to a storage device like an external hard drive or one ofour favorite microSD cards.
You should always keep your data backed up in the cloud automatically. Every device can do this, and it’sstraightforward for Android phones. Having a backup means you can wipe your Android phone to clear potential malware without losing data.
4Scan your system for malware
This method varies from device to device. Your antivirus program on your Windows or Apple computer should have a malware scanner built in, but it’s a little tricky for mobile devices. We have a detailed guide on scanning and removingmalware from your Android phone. However, the safest method is toperform a factory reset, so back up your phone and then reset it.
5Update your passwords and credentials on a separate device
From banking apps to sensitive documents, a lot of data stored on your phone is locked behind passwords. However, a phishing attack can provide a malicious actor with these passwords, so you should update your passwords on a separate device. Updating them on the same device is not secure until you’re sure there is no malware on it.
How to create a strong password
Protect your personal information with a strong passphrase
After disconnecting your device from the internet, you can safely update these passwords before returning to the original device.
After changing your passwords, store them in a password manager. We have a roundup of themost secure password managers.
6Report the link
Report the phishing attack when your device is secure again. Most phishing attacks come via text messages or emails, and there are separate methods for reporting these. Your messaging app may have a method to report text messages, usually aReport Spambutton. Our guide walks you through how toreport phishing text messageson your phone. Whether you received a phishing email on your mobile device or desktop computer, you canreport a phishing emailin the same way.
Stay safe from phishing attacks
Phishing attacks aren’t the only way malicious actors can access your sensitive data. Creating strong passwords is helpful, butactivate two-factor authenticationas this can stop someone from accessing data even if they discover your password.
