What to Do If You Clicked a Suspicious Link
Look, it happens. You're on the train, half-reading a text, and you tap a link without thinking. Or an email comes in that looks completely legitimate - right up until the page loads and something feels... off. A weird URL. A login form that doesn't quite match. That sinking feeling in your stomach.
First things first - take a breath. Clicking a dodgy link is not the end of the world. Seriously. What actually matters is what you do in the next few minutes. And the fact that you're reading this means you're already ahead of most people.
Scenario 1: You Clicked But Didn't Enter Any Information
If you clicked a suspicious link but didn't type anything, didn't download anything, and just closed the page, you're likely fine. Here's what to do to be safe:
Close the page immediately. Don't interact with anything on the site. Don't click any buttons, don't accept any prompts, and don't download anything.
Clear your browser data. Go to your browser settings and clear your browsing data, cookies, cache, and site data. This removes any tracking cookies the malicious site may have placed.
Run a security scan. On Android, open Google Play Protect and run a scan. On iPhone, Apple's built-in protections work automatically. On a computer, run a scan with Windows Defender or your antivirus software.
Monitor for unusual behavior. Over the next few days, watch for anything unusual: unexpected pop-ups, apps you didn't install, sluggish performance, or unusual data usage. If everything seems normal, you're almost certainly fine.
🔗 Want to check the link?
Paste the suspicious URL into our scanner. We'll tell you if it's flagged as phishing, malware, or a scam, without you having to visit it again.
Check a URL, FreeScenario 2: You Entered Your Password or Login Info
Right, this is where things get more serious. But it's fixable - you just need to move fast.
Change the password immediately. Go directly to the real website (type the URL yourself, don't use any links) and change your password. Do this from a different device if possible, in case your current device is compromised.
Change the password everywhere you reused it. If you used the same password on other accounts, change those too. Attackers know people reuse passwords and will try your credentials on every major service.
Enable two-factor authentication. If you haven't already, turn on 2FA for the affected account and all your important accounts. This ensures the attacker can't get back in even if they have your new password.
Check for unauthorized activity. Look for logins from unfamiliar locations, password change requests you didn't make, messages sent from your account that you didn't write, or purchases you didn't authorize. Most services show recent login activity in their security settings.
Log out all other sessions. Most services have a "log out everywhere" or "log out all devices" option in security settings. Use it to kick out anyone who may have accessed your account.
Scenario 3: You Entered Financial Information
If you entered credit card numbers, bank details, or other financial information on a suspicious site, act immediately.
Ring your bank or credit card company. Right now - don't finish reading this first. Call the number on the back of your card (not any number from the suspicious site) and tell them you may have entered your details on a fraudulent page. They deal with this every single day - they'll freeze the card, issue a new one, and set up monitoring. Most banks can reverse unauthorised charges if you report them quickly enough.
Monitor your statements closely for the next several months. Fraudulent charges sometimes appear weeks later. Set up transaction alerts if your bank offers them, so you're notified of every charge in real time.
Consider a fraud alert or credit freeze. If you shared enough personal information for identity theft (name, address, SSN), place a fraud alert with one of the three credit bureaus (Equifax, Experian, TransUnion). For maximum protection, consider a credit freeze, which prevents anyone from opening new accounts in your name.
Scenario 4: You Downloaded a File
If the suspicious link prompted a file download and you opened it, this is the most concerning scenario.
Disconnect from the internet immediately (turn off Wi-Fi and mobile data). This prevents malware from sending your data to the attacker or downloading additional malicious software.
Run a full security scan. Use your device's built-in protection or a reputable antivirus app. You can also scan downloaded files with our free tool. On Windows, run a full scan with Windows Defender. On Mac, consider downloading Malwarebytes for a thorough scan.
Delete the downloaded file if you can find it (check your Downloads folder).
Change passwords from a different device. If malware was installed, it may be logging your keystrokes. Use a different, clean device to change your important passwords.
Factory reset as a last resort. If your device continues showing signs of infection after scanning, a factory reset will wipe everything and start fresh. Make sure you have backups of important files before doing this.
How to Avoid Clicking Suspicious Links in the Future
None of the above is fun to deal with. Here's how to avoid being in this position again:
Pause before you click. When you receive a link in an email, text, or message, especially one that creates urgency, take a breath. Ask yourself: was I expecting this? Does this make sense? Scammers count on you acting impulsively. Learn more about how phishing works.
Preview URLs before clicking. On a computer, hover over links to see where they actually lead. On a phone, long-press to preview. If the URL looks suspicious or doesn't match the expected website, don't click.
Go direct instead of clicking. If an email says your bank account has a problem, don't click the link, open your banking app directly or type the URL yourself. This simple habit defeats the vast majority of phishing attacks.
When in doubt, just check first. Copy the link, paste it into a scanner like ours, and you'll know in seconds whether it's safe. I know it sounds like an extra step, but it's a lot less hassle than calling your bank at 10pm on a Friday night.
Keep everything updated. Updated browsers, operating systems, and apps have the latest security patches that protect against known exploits.
📱 Got the suspicious message as a text or email?
Paste the message text into our analyzer to identify what type of scam it is and get specific guidance.
Analyze a Message, FreeFrequently Asked Questions
Can I get a virus just from clicking a link?
Usually not on an updated device. Modern browsers have strong security. The real danger is entering information, downloading files, or allowing notifications. However, outdated software may have exploitable vulnerabilities, so keeping everything updated is important.
I entered my password on a phishing site. What now?
Change that password immediately from a trusted device. Change it everywhere you reused it. Enable 2FA. Check for unauthorized activity. Contact your bank if financial credentials were involved.
How do I know if my phone has malware?
Watch for unusual battery drain, data usage spikes, unfamiliar apps, pop-ups outside your browser, sluggish performance, or overheating. Run a security scan with Google Play Protect (Android) or check for unusual profiles in Settings (iPhone).
Should I reset my phone if I clicked a phishing link?
Usually not necessary if you only clicked without downloading or entering info. Try clearing browser data and running a security scan first. Factory reset is a last resort for confirmed malware that can't be removed.
The Bottom Line
Clicking a suspicious link feels awful, but it genuinely isn't the end of the world, what matters is how quickly you respond. If you only clicked without entering information, the risk is low. If you entered credentials, change them immediately and enable 2FA. If you shared financial info, contact your bank right away. And going forward, build the habit of pausing before clicking and checking links before opening them.