What to do when you click on a suspicious link

What to do when you click on a suspicious link

/in

What to do when you click on a suspicious link

October is Cybersecurity Awareness Month, and as the tech-savvy friend or family member, people probably come to you for advice. One of the most common questions is: “I clicked a suspicious link. What do I do now?” 

Don’t worry — panic won’t help, but a calm, step-by-step response will. Share this guide with your loved ones so everyone knows exactly how to respond and stay safe. 

If you clicked the link on a work device, immediately contact IT support and follow their instructions. Companies often have specific policies and tools to investigate and remediate security incidents. Quick reporting helps protect both you and your organization. 

If it’s a personal device, here’s what to do next.

Scenario 1: You only clicked the link, and did not enter any information 

Clicking a malicious link can trigger automatic downloads, attempt to exploit browser vulnerabilities, or install malware without your knowledge. 

  • Exit the browser immediately. 
  • Make sure no files downloaded to your device; if so, delete them without opening. 
  • Monitor your device for unusual behavior, which can be a sign of malware. 
    • Examples: Higher-than normal battery drainage, apps crashing, unknown apps/profiles, and persistent pop-ups 
  • Stay alert for suspicious emails, texts, or calls.

Together, these steps help you catch and remove any threats before they cause harm, and keep you aware of follow-up attacks.

Scenario 2: You entered your username and password 

Entering credentials on a phishing site can give attackers access to your account, leading to unauthorized activity, identity theft or further phishing. 

  • Change your password immediately for that account, and force a logout of all devices logged in. This locks out any unauthorized users who may have gained access. 
  • If you have multifactor authentication (MFA) enabled, watch for any push notifications that you did not initiate. Do not approve them. This could mean someone is actively trying to log in with your stolen credentials. 
  • Enable two-factor authentication (2FA) if available. 
  • Create new, unique passwords for any other accounts that used the same credentials. Attackers often try your compromised password on multiple sites (aka called credential stuffing). 
    • Tip: Instead of storing your credentials in your browser, use a password manager such as 1Password. 
  • Watch for suspicious account activity.

By following these steps, you limit the attacker’s access and protect your other accounts from being compromised. 

Scenario 3: You entered credit card or banking information 

Financial data can be quickly exploited for fraudulent transactions, identity theft, or even sold on the dark web. 

  • Contact your bank or card issuer right away. 
  • If possible, freeze your card and get a replacement. 
  • Monitor your statements and report any unauthorized charges. 
  • Enable fraud alerts if your bank offers them.

These actions help you contain the risk, minimize financial losses, and alert your bank to potential fraud on your account.

Scenario 4: You downloaded or opened a file 

Downloaded files from suspicious links can contain malware, ransomware, spyware or other harmful software that may steal your data or harm your device. 

  • Disconnect your device from the internet until you have completed all of these steps. Isolating your device can prevent malware from communicating with attackers or spreading to other devices. 
  • Run a full antivirus and malware scan if on a desktop or laptop. 
  • Check to ensure no new apps were installed if on a phone. 
  • Delete any suspicious files. 
  • In a worst-case scenario, if you have conducted periodic backups it might be best to restore your device to a clean version, from before the file was downloaded.

Remember to: 

  • Always verify links before you click on them.  
    • Tip: Hover over the link to make sure it leads to an official website. If you’re not sure, it’s safer to type in the URL manually. 
  • Enable multifactor authentication for your accounts whenever it’s available. 
  • Keep your software and antivirus updated. 
  • Report all phishing attempts to your email provider and IT/security team. 

Phishing attacks are getting more sophisticated, but a little knowledge goes a long way. Share this guide with your friends and family so they’ll know what to do if they ever click a suspicious link.

Happy Cybersecurity Awareness Month from Cisco Talos!

Cisco Talos Blog – ​Read More