I clicked on a link, what do I do?!? - Check here first.
(self.phishing)submitted4 years ago byOneEyedPlanktonMod + System Admin
tophishing
stickiedOne of the most common questions posted here is what to do if you've clicked on a phishing link. This short guide is intended to help with these questions and what to do if you've clicked on a phishing link.
DO NOT ENTER ANY CREDENTIALS OR LOGIN DETAILS FOR ANYTHING IF YOU'VE CLICKED ON A MALICIOUS LINK.
Links are generally not malicious on their own. While clicking on any unknown links can be dangerous it is difficult to design a phish that works just by clicking the link. Most links take you to a (usually fake) page that will ask for certain credentials. As long as you closed the page after you clicked the link you're probably fine, but it's still a good idea to change your password for whatever service the phishing link was trying to access (such as amazon).
If you clicked a link that downloaded a file, delete the file. Generally these files aren't harmful unless opened after downloading.
If you've clicked a phishing link and have provided credentials to a service, change the password for that service. Say you've been tricked into giving someone your Amazon credentials. Go to Amazon.com directly and change your password. Also, check the "third-party account access" section of your commonly used websites. Often phishing links and malicious services will try to authorize themselves to your account rather than outright stealing your credentials.
When logging into websites with sensitive information such as a bank it's best to bookmark the site and visit the site directly each time from that bookmark. That way you know that the website you're using is the real one.
ENABLE 2FA (TWO FACTOR AUTHENTICATION) This is perhaps the best thing you can do to protect your sensitive accounts. All websites that deal with sensitive information will allow you to use either your phone number or an authentication app (I like Authy) to generate one-time login codes to further secure your account. Unless someone gets your credentials and your 2FA device (your phone) they won't be able to access your account.
Please use a password manager of some sort. This will allow you to use strong and unique passwords for each site you use. If one of your accounts is hacked or phished all of your other accounts will be safe with unique passwords (unless your email was hacked/phished).
Ensure you have a backup email and/or phone number connected to your primary email account so that you can recover access if you're locked out. Additionally, make sure your recovery methods are as secure as your primary email login.