Clicked a Phishing Link? What to Do Now

Daniel Zimmermann
A suspicious browser link becomes a trap after a phishing click.

If you clicked a phishing link, the risk depends on what happened next. Opening the page and closing it without typing, downloading, allowing notifications, or installing anything is usually lower risk. If you entered a password, one-time code, card details, identity data, or opened a downloaded file, treat that information or device as exposed and act from the real website or app, not from the suspicious page.

For a broader prevention routine before a bad click happens, use our updated guide on how to browse the web securely, including fake updates, risky downloads, notification prompts, and public Wi-Fi checks.

Phishing has also become more active again: APWG recorded 971,181 phishing attacks in Q1 2026, up 13.8% from Q4 2025, with telecom and SaaS/webmail among the most-targeted sectors [1]. That matters because many modern phishing pages do not look clumsy. They use real-looking login screens, HTTPS, QR codes, browser notifications, fake support prompts, and links sent through email, SMS, social media, or hacked accounts.

| What happened | First action |
| --- | --- |
| You only opened the page and entered nothing | Close the tab, do not click page buttons, and check whether anything downloaded or a permission prompt appeared. |
| You entered a password or 2FA code | Open the real site manually, change the password, sign out other sessions, and review recovery settings. |
| You entered card, bank, SSN, tax, or identity details | Contact the bank/provider from its official app or known number. Save evidence before reporting. |
| You downloaded or opened a file | Do not reopen it. Delete or quarantine it, then run a full security scan and check startup apps/extensions. |
| You allowed browser notifications | Remove notification permission for that site, then clear site data for the suspicious domain. |

If you clicked but did not enter anything

A click alone is not the same as handing over an account. Most phishing pages need you to type a password, scan a QR code, approve a login, download a file, allow notifications, install a profile, or call a fake support number. If the suspicious message used a code instead of a visible link, use our QR code phishing guide to check the domain and post-scan recovery steps. After closing the page, check these items:

  • Did the browser download a file automatically?
  • Did the page ask to show notifications, use the camera, install an extension, or open another app?
  • Did your password manager refuse to autofill on a page that looked like a familiar service?
  • Did you see a browser warning such as Microsoft Defender SmartScreen, Google Safe Browsing, or another security-tool alert?
  • Did the link redirect through several unknown domains or open a fake login, payment, or delivery page?

If none of these happened and the browser/device is fully updated, the practical next step is usually cleanup, not panic: close the tab, clear site data for the suspicious domain, and avoid testing the link again. If the message pretended to come from a real company, verify by typing the official address yourself or using the real app.

If you entered a password or one-time code

Assume the password or code was captured even if you did not press a final submit button. Some phishing pages can capture typed data before a visible form submission. Secure the account from the real service:

  1. Open the official website or app manually, using a bookmark or typed address.
  2. Change the exposed password, and change it on any other account where you reused it.
  3. Sign out other sessions and remove unfamiliar devices.
  4. Review recovery email, recovery phone, backup codes, app passwords, passkeys, and connected apps.
  5. For email accounts, check forwarding rules and filters. Attackers often use them to keep reading messages after the password is changed.
  6. Enable MFA if it was not already enabled. Prefer an authenticator app or passkey where available.

If the exposed account is email, banking, work, school, healthcare, cloud storage, or a password manager, handle it before lower-value accounts. A stolen email login can reset many other passwords.

If something downloaded, installed, or changed in the browser

Microsoft notes that Defender SmartScreen in Edge checks suspicious pages, known phishing/malware sites, and downloads, but the absence of a browser warning does not guarantee that every new phishing page will be blocked immediately [3]. If a file downloaded or you opened an attachment, treat cleaning the device as a separate task from securing the account.

  • Do not reopen the suspicious file to inspect it.
  • Check Downloads, browser downloads, and recent files.
  • Remove unknown browser extensions, notification permissions, search-provider changes, and suspicious startup entries.
  • Run a full scan with trusted security software. On Windows, scan all drives, not only the Downloads folder.
  • If this was a work or school account/device, report it to IT even if nothing obvious happened.

Run a full system scan after manual cleanup.

After uninstalling the suspicious app or deleting the visible threat, use Gridinsoft Anti-Malware to check hidden files, startup entries, scheduled tasks, bundled apps, browser changes, and other persistence points that can restore malware.


For browser cleanup, see our guides to disable suspicious browser notifications and reset browser settings. If the page or message used a fake brand or sender, our phishing vs spoofing guide explains why the visible sender can look legitimate.

If you shared payment or identity information

Do not use contact details from the phishing page. Use the contact details on your bank card, the provider’s real app, a saved statement, or the official website typed into the browser. Ask about blocking pending transactions, replacing cards, changing transfer limits, and monitoring recent activity. If Social Security, tax, ID, or date-of-birth data was exposed, save evidence and use official identity-theft recovery steps. Our identity theft protection guide covers the broader recovery path.

Reporting does not always recover money, but it can help block the site and document the incident. The FTC recommends forwarding phishing emails to APWG at reportphishing@apwg.org, notifying the impersonated company, and reporting fraud to ReportFraud.ftc.gov [2]. For SMS phishing, forward the text to 7726 when your carrier supports it. If money moved through an online fraud scheme, also preserve transaction IDs, usernames, wallet addresses, receipts, dates, and screenshots.

FAQ

Can clicking a phishing link infect my phone or computer?

It can, but the more common risk is that the page tricks you into entering data, installing something, or allowing a permission. A fully updated browser reduces drive-by risk, but downloaded files, fake updates, extensions, and profiles still need attention.

I clicked a phishing link on iPhone or Android. Should I factory reset?

Usually not for a click alone. First check whether you entered data, installed a profile/app, allowed notifications, downloaded a file, or saw account/device changes. Escalate if there is a concrete change, not just anxiety after opening a page.

What if I typed a 2FA code but the page failed?

Act as if the code was used. Change the password on the real site, sign out other sessions, remove unfamiliar devices, and watch for follow-up calls or messages asking for another code.

Should I clear cookies after clicking a phishing link?

Clear site data for the suspicious domain. If you entered credentials or the account was open in the same browser, also sign out other sessions from the real account security page.

Can a password manager help?

Yes. If a saved login does not autofill on a page that looks like your bank, email, or social account, treat that mismatch as a warning sign and check the domain carefully.
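
Why the autofill mismatch is a dependable warning sign, shown as an added example (not code from this article or from any password manager): a simplified version of the domain check that decides whether a saved login is offered. The hostnames, the `SAVED_LOGINS` list, and the two-label `baseDomain` shortcut are assumptions made for illustration.

```javascript
// Constructed saved-login hosts (reserved .example TLD); not real services.
const SAVED_LOGINS = ["accounts.mybank.example", "mail.webmail.example"];

// Simplification: the last two labels stand in for the registrable domain.
// Real password managers consult the Public Suffix List instead.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Decide whether a saved login should be offered on pageUrl, and say why not.
function checkAutofill(pageUrl, saved = SAVED_LOGINS) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (err) {
    return { autofill: false, host: null, reasons: ["not a valid URL"] };
  }
  const host = url.hostname; // lowercased; non-ASCII labels become xn--...
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("page is not HTTPS");
  if (url.username || url.password) {
    reasons.push("text before '@' is a username, not the site");
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label can imitate familiar letters");
  }
  const known = saved.some((s) => baseDomain(s) === baseDomain(host));
  if (!known) {
    for (const s of saved) {
      const brand = baseDomain(s).split(".")[0];
      if (host.includes(brand)) {
        reasons.push(`"${brand}" appears in the host, but the site is ${baseDomain(host)}`);
      }
    }
    reasons.push("no saved login for this domain");
  }
  return { autofill: known && reasons.length === 0, host, reasons };
}

// Constructed URLs: the real site, then three lookalikes.
const samples = [
  "https://accounts.mybank.example/login",
  "https://mybank.example.verify-session.test/login",
  "https://accounts.mybank.example@verify-session.test/login",
  "https://myb\u0430nk.example/login", // U+0430 (Cyrillic) replaces Latin "a"
];
for (const s of samples) console.log(s, checkAutofill(s));
```

Only the first URL gets an autofill offer; the other three look familiar to a person but resolve to a different host, which is exactly what the domain check catches.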

References

  1. Anti-Phishing Working Group. “Phishing Attack Trends Report, 1st Quarter 2026.” APWG, May 21, 2026, accessed June 7, 2026. https://docs.apwg.org/reports/apwg_trends_report_q1_2026.pdf
  2. Federal Trade Commission. “Phishing.” FTC Business Guidance, accessed June 7, 2026. https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/phishing
  3. Microsoft Support. “How can SmartScreen help protect me in Microsoft Edge?” Microsoft, accessed June 7, 2026. https://support.microsoft.com/en-us/edge/how-can-smartscreen-help-protect-me-in-microsoft-edge
With a strong background in consumer safety and fraud prevention, Daniel specializes in providing actionable tips and advice to users. His focus is on helping individuals understand the risks of interacting with fraudulent sites and services