Clicked A Phishing Link? Here’s What Happens & What To Do Now


Did you click a suspicious link from an email or text? It’s pretty common to accidentally tap a link, with around 40% of emails globally being spam and the average American receiving 14 unsolicited SMS texts per month. Here’s what usually happens when you open a phishing link.

After clicking a phishing link, the sender knows you are a valid target. The attacker receives some basic data like approximate location, device statistics, and any information voluntarily provided. A phishing link may download malware. Users should take precautionary measures.

Here are some of the most frequently asked questions about phishing links. We’ve also listed and defined the lesser-known types of phishing. Some have funny yet threatening names.

Worried woman just clicked a phishing link on her smartphone

How do I know if I clicked a phishing link?

If you clicked a phishing link, it’s critical to stop interacting with the page and delete any downloaded files. Search for the intended target site using a search engine. Compare the legitimate web address and content to the phishing site. Watch for suspicious account activity, calls, or texts.

Follow-on signs of phishing include

  • suspicious email messages
  • social media posts with shortened links
  • copy-cat website URLs
  • web pages requiring account login details
  • emails with misspellings and unconventional sentences

If the attackers succeeded in collecting data, phishing scam victims might receive manipulative calls or text messages urging them to take further actions. Once a target has responded to a first phishing attempt, there’s a higher likelihood they will continue to fall prey to future prompts.

Don’t Do It: 

Now’s the perfect time to be super suspicious and selective about all your online activities.

Can my smartphone be hacked by clicking on a phishing link?

A smartphone can be hacked by clicking a link found in email, text messages, or software. Tapping or opening a phishing link can expose users to automatically downloaded malware. Sometimes, the malicious link may redirect a user to a malicious website or application controlled by hackers designed to collect user information or infect a mobile phone.

A cybercriminal doesn’t need to get hold of your smartphone to infect it with malware. If your phone is connected to the internet, hackers can infiltrate your device through phishing links.

Sometimes, the messages can seemingly come from legitimate companies or reputable organizations as a notice about their services or apps. Clicking or tapping on these phishing links can open a pathway into your smartphone.

Pop Quiz:

Take a look at this text I received. Study the message carefully. Can you identify the 5 suspicious parts that should set off alarms? Scroll below for the answers.

Clicked a phishing link? Here's what happens & what to do now
  1. Hook: Many people would be worried about losing $300 unexpectedly.
  2. Curiosity: We don’t know who the user is, but the transaction was approved.
  3. Urgency: “Venmo” wants you to review the “transaction” (picture me using air quotes) for any problems. The attacker legitimized the message by using the correct support email and phone.
  4. Copy-Cat Link: The link has the word Venmo, but it’s clearly not help.venmo.com (the correct URL).
  5. Bad Formatting: Companies the size of Venmo ensure their notifications are well-formatted.
    a. The grammar is incorrect.
    b. The toll-free phone number has the dash in the incorrect place not following the formatting of US or Canadian telephone numbers.
    c. There are odd spaces before the commas and colons.

It’s also possible that the text message originates from an out-of-service or disconnected phone number making it unwise to call it.

Worried man chewing glasses staring at smartphone after receiving a phishing link

Effects of Phishing Links on Smartphones

Phishing links may exploit smartphones with various malware. The attack surface on smartphones is typically smaller. Purpose-built apps can compromise your mobile phone, causing apps to malfunction, slow your device, install unnecessary apps, drain the battery and consume your data plan faster.

What if I clicked a phishing link on my iPhone?

Investigate where the link redirected the iPhone. Identify the targeted accounts and proactively change their passwords. Avoid disclosing personally identifiable information on any app or service, including your iCloud account. Review your device for unrecognized apps, files, texts, or emails.

iPhones are a bit more protected than Android phones in their susceptibility to malware via phishing links. Clicking a phishing link on an iPhone doesn’t immediately expose your sensitive information unless you open any website or app. That’s why it’s critical to stop interaction or activity if you’ve made a mistake.

If your phone is not jailbroken, you’re generally safe from malicious apps. Apple has in-built solid security measures to prevent such incidents.

What if I clicked on a phishing link on my Android phone?

Review where a phishing link redirected your Android phone, noting the site address or any files downloaded. Do not interact with the suspect webpage. Delete any downloaded files. Scan the device for malware using a trusted app. Proactively change the passwords on any targeted account.

Android phones are a bit more susceptible to attacks due to the open nature of the mobile operating system. Since it’s possible to side-load new apps or apps from non-official sources, Android users that have riskier usage habits have the potential to damage their device or have information stolen from phishing attacks.

What is a phishing link?

A phishing link is a malicious website address designed to steal personal, financial, or account information. Phishing links may initiate malware downloads or browser-based script attacks. Mobile and desktop devices are susceptible to this type of exploit. Users must inspect links before clicking them.

By the way, some browsers have built-in functionality to help guard your privacy. I use and recommend Brave as a safer browser with a familiar Chrome experience.

Attackers sometimes masquerade as a legitimate company to entice their target. Once you click on the seemingly genuine link, you’ll be redirected to a malicious website prompting you to use your credentials. Clicking on a phishing link may also install malware into your device to monitor and steal your data.

Phishing links don’t just target individuals but can be an attempt to compromise a company’s network and secured data. If an employee clicks on the link, attackers can potentially access the whole network. It’s best to have a work phone dedicated to accessing corporate resources.

What are examples of phishing links?

Examples of phishing links include notifications of new payment, account deactivation, tech support offer, an unpaid invoice, or giveaway winner. Generally, phishing links lead to copy-cat websites via look-a-like or shortened URLs attempting to steal account information or download malicious files.

Cybercriminals constantly develop new techniques and methods to execute phishing attacks. These attackers often create urgency, panic, and fear in their victims to manipulate them.

It’s crucial to stop and carefully review a link or requested actions when there’s a sense of urgency in the message. Look out for the red flags such as poor grammar, sense of urgency, request for personal information, and offers that look too good to be true.

Concerned executive holding his smartphoine after receiving a whaling type phishing attempt

What are the types of phishing?

The types of phishing attacks grow as cybercriminals find new social engineering techniques, communication channels, and types of targets to attack.

Email phishing

Phishing emails are spam or fraudulent emails containing a malicious website phishing URL or attachments with embedded URLs. This is the most common communication channel due to the low cost of launching a campaign. However, spam filters are evolving to include AI and machine learning allowing better identification and quarantining of suspicious emails.

I wrote up a complete breakdown of what happens when you open a spam email that successfully got you to click on its link.

Vishing

Vishing is a call-based phishing attack that entices a target to expose confidential information to cybercriminals via a phone call. Vishing is usually more convincing but requires a highly researched target. It’s one of the least used, with only 1% of the phishing attacks attributed to vishing.

Smishing

Smishing is an SMS phishing campaign aimed at stealing personal or corporate confidential data from targets. Smishing victims usually receive deceptive text messages urging them to act urgently, sometimes from spoofed phone numbers.

Spear Phishing

This targeted attack on victims through emails or text containing plausibly accurate information on or around the target to manipulate the victim into action. The mark is usually driven more effectively due to the increased legitimacy of the message.

Whaling

Whaling is spear phishing a high-valued target usually carried out against important personnel of a target company.

The attackers may impersonate the top executive to lure a company’s accountant or IT personnel into obeying specific instructions.

Whaling or CEO fraud is usually aimed at stealing sensitive information, accessing a corporate network, or defrauding the company.

Mike Chu

Mike is a web developer and content writer living as a digital nomad. With more than 20 years of devops experience, he brings his "programmer with people skills" approach to help explain technology to the average user. Check out his full author bio by clicking here.

Recent Posts

Share via
Copy link
Powered by Social Snap