What should I do if I clicked a phishing link but did not enter credentials?

According to CISA guidance, if you clicked a phishing link but did not enter any information and did not download anything, your immediate risk is low. Disconnect from the internet, run a security scan, and monitor your accounts. You do not need to contact your bank or freeze your credit unless the scan finds something or you notice suspicious activity.

What does CISA recommend if I clicked a phishing link?

CISA recommends acting quickly: disconnect from the internet, run a full malware scan, change your passwords from a different device, and report the incident to the FTC. If you are on a work device, contact your IT or security team immediately rather than trying to fix it yourself.

I clicked a suspicious link on my iPhone. Is my phone infected?

iPhones have strong built-in security that prevents most drive-by malware from installing through a browser link alone. Your main risk from clicking a phishing link on an iPhone is if you entered personal information on the page that opened. If you closed the page immediately without entering anything, your device is almost certainly not infected. Delete the suspicious message.

What if I clicked on a suspicious link on a work computer?

Contact your IT or security department immediately. Do not attempt to fix it yourself. Work devices often have different security policies, and your IT team needs to assess whether company data or the network was exposed. Be direct about what happened, they need accurate information to respond correctly.

Can clicking a suspicious link affect other devices on my home network?

Some malware can attempt to spread across a local network once installed. If you ran a file from a suspicious link, or if your scan found malware, consider scanning all devices on your home network, changing your Wi-Fi password, and rebooting your router. If you only clicked and closed without entering anything, network spread is unlikely.

How do I know if a link is suspicious before I click?

Hover over the link (on desktop) to see the actual URL in the bottom of your browser. Watch for: misspelled domain names (amaz0n.com, paypa1.com), URLs that don't match the claimed sender, links that use URL shorteners in unexpected contexts, and messages that create urgency ("Your account will be closed in 24 hours"). When in doubt, go directly to the website by typing the address yourself instead of clicking.

Is a factory reset necessary after clicking a phishing link?

Rarely. A factory reset erases all malware but also removes all your data. It is only necessary if: multiple security scans detect malware they cannot remove, your device shows persistent symptoms after cleaning, or you ran a malicious file and want absolute certainty. Always try a full security scan first. If you do factory reset, back up your data first and scan the backup before restoring. ## The Bottom Line Clicking a suspicious link is a mistake, not a crisis, if you act quickly. The single most important factor is whether you entered any information or downloaded anything on the page that opened.

Quick reference checklist:

- [ ] Close the browser immediately, do not enter information - [ ] Disconnect from the internet - [ ] Screenshot the suspicious message for reporting - [ ] Run a full security scan before reconnecting - [ ] Change passwords from a different device - [ ] Enable two-factor authentication on key accounts - [ ] Report the phishing link to the FTC - [ ] Monitor accounts for suspicious activity over the next 30 days If you entered financial information, call your bank now. If you are on a work device, call your IT team now. For everything else, the steps above are enough.

What To Do If You Clicked a Suspicious Link

Quick Answer

Clicked a suspicious link? Do these 5 things immediately: (1) Don't enter any information on the page that opened. (2) Close the browser and disconnect from the internet. (3) Run a full security scan. (4) Change passwords for any accounts you use on that device. (5) Monitor your accounts for unusual activity. The steps below explain exactly how to do each one.

It happens to careful people all the time. A text that looks like a shipping notification. An email that appears to be from your bank. A social media message from a friend whose account was already compromised. One click before you notice something feels off.

The good news: clicking a suspicious link does not automatically mean your device is infected or your accounts are compromised. What matters most is what you do in the next few minutes.

This guide walks you through every step, including specific guidance from the Cybersecurity & Infrastructure Security Agency (CISA) on what to do depending on whether you entered any information or not.

What Actually Happens When You Click a Suspicious Link?

Not every suspicious link causes the same type of harm. The risk depends on the type of link, your device, and whether you took any action on the page.

What the Link Does	How It Works	Risk Level
Opens a phishing website	Fake login page that captures your credentials if you enter them	High if you log in; Low if you close immediately
Drive-by malware download	Exploits browser vulnerabilities to install software automatically	Medium, rare on updated browsers
Tracking pixel / data collection	Collects your IP address, device info, location	Low, no immediate account risk
Ransomware download	Locks your files and demands payment	High, requires downloading and running a file
Credential harvesting form	Fake "verify your account" page	High if you submit; Low if you close

The most important thing to understand: if you clicked but did not enter any information and did not download anything, your risk is significantly lower. CISA specifically addresses this scenario, see the FAQ section below.

Immediate Steps: What to Do Right Now

Work through these steps in order. Speed matters, but don't skip steps.

Step 1: Stop, Do Not Enter Anything

If a website opened after you clicked the link:

Do not enter any username, password, or personal information
Do not download anything the site suggests
Do not click "Allow" on any pop-up permission requests (especially microphone, camera, notifications)
Do not call any phone number displayed on the page

Close the tab immediately. If the browser window is frozen or difficult to close, force-quit the entire browser application.

Step 2: Disconnect from the Internet

This single step can stop malware from communicating outward, prevent further downloads, and block attackers from accessing your device remotely.

Device	How to Disconnect
Windows PC	Click Wi-Fi icon in taskbar → Turn off, or unplug ethernet cable
Mac	Apple menu → System Preferences → Network → Turn Wi-Fi off
iPhone / iPad	Settings → Airplane Mode → On
Android	Settings → Network → Turn on Airplane Mode
Work laptop	Contact your IT department before doing anything else

Keep the device offline until you finish the security scan in Step 4.

Step 3: Take Screenshots Before Closing Everything

Before you close everything down, take screenshots of:

The suspicious message or email that contained the link
The website that opened, if visible
Any pop-ups or error messages

You will need these if you file a report with the FTC or your bank later.

Step 4: Run a Full Security Scan

On Windows:

Search for "Windows Security" in the Start menu
Click "Virus & threat protection"
Click "Scan options"
Select "Full scan", not Quick scan
Click "Scan now" (this takes 30–60 minutes)

On Mac: macOS does not include built-in antivirus. Download Malwarebytes for Mac (free version available), install it, and run a full scan.

On iPhone or iPad: iPhones are sandboxed and do not get traditional malware from clicking a link. Your main risk is phishing, entering information on a fake site. If you did not enter any information, your device is almost certainly fine. Delete the suspicious message and move to Step 5.

On Android:

Open Google Play Protect (Play Store → Menu → Play Protect)
Tap "Scan" to run a check
Or download Malwarebytes for Android and run a full scan

Step 5: Change Your Passwords

Even if the scan comes back clean, change passwords for the following accounts from a different, trusted device:

Email accounts (Gmail, Outlook, Yahoo)
Banking and financial accounts
Any account you were logged into on that device
Any account where you use the same password as your email

Use a different device because if your original device is compromised, changing passwords on it gives the attacker the new credentials too.

After changing passwords, enable two-factor authentication (2FA) on every account that supports it. CISA and the FTC both recommend 2FA as the most effective step you can take after a phishing incident.

Did You Enter Information? Here Is What to Do Next

The actions below depend on what, if anything, you typed into the page that opened.

Scenario A: You Clicked But Did Not Enter Anything

This is the most common outcome. CISA guidance is clear: if you clicked a phishing link but did not enter credentials or download anything, your immediate risk is low. Still complete Steps 1–5 above as a precaution. No need to contact your bank or freeze accounts unless the scan finds something.

Scenario B: You Entered a Password

Act immediately:

Change that password on every site where you use it, from a different device
Contact the company whose login page was faked (your bank, Google, Amazon, etc.)
Check your account's recent login history for access from unfamiliar locations
Enable 2FA on the affected accounts
Report the phishing page to the FTC at ReportFraud.ftc.gov

Scenario C: You Entered Financial Information (Card Number, Bank Account)

Contact your bank or card issuer immediately using the number on the back of your card. Tell them what happened. Ask them to:

Flag your account for suspicious transactions
Issue a new card number
Block any unauthorized charges

Also place a fraud alert with the three credit bureaus (Equifax, Experian, TransUnion). A fraud alert is free and requires lenders to verify your identity before opening new credit in your name.

Scenario D: You Downloaded and Opened a File

This is the highest-risk scenario. A file that ran on your device may have installed malware.

Disconnect immediately (Step 2)
Run the deepest security scan available
If the scan finds nothing but your device behaves strangely, slow, crashing, pop-ups, contact a professional or consider a factory reset
Change all passwords from a different device
Contact your bank even if you did not enter financial information, as some malware captures keystrokes

Where to Report a Suspicious Link

Reporting takes less than five minutes and helps protect others.

Who to Report To	What to Report	Link
FTC (Federal Trade Commission)	Phishing emails, smishing texts, scam websites	ReportFraud.ftc.gov
CISA	Phishing targeting government or infrastructure	CISA.gov/report
FBI Internet Crime Complaint Center (IC3)	Financial loss from online fraud	IC3.gov
Your email provider	Phishing emails (use "Report phishing" button in Gmail, Outlook, etc.)	In your email app
Anti-Phishing Working Group	Forward phishing emails	[email protected]
Your bank or card issuer	If financial information was entered	Number on back of your card

Signs Your Device May Be Compromised

Watch for these in the days following the incident:

Unusual battery drain or device running hotter than normal
Apps you did not install appearing on your device
Contacts receiving messages from you that you did not send
Browser redirecting to unexpected websites
Pop-ups appearing even when no browser is open
Passwords stopped working on accounts you haven't changed
Unexpected charges on bank or credit card statements

If you notice any of these, run another scan and consider contacting a cybersecurity professional.