“A breach alone is not a disaster, but mishandling it is.”
-Serene Davis
Indeed, having a response plan ready after you’ve clicked a phishing link on your phone is half the battle.
In this guide, you will learn what to do if you clicked a phishing link on your phone, and the critical steps to take to limit the damage.
The key is to act immediately so you can prevent financial loss, identity theft, malware spread and account takeovers.
Unlike our comprehensive blog post on how to avoid phishing scams, this article focuses solely on what to do after you clicked a phishing link on your phone.
1. Stop What You’re Doing and Disconnect From the Internet
This is important because it prevents any downloaded malware from communicating with the hacker’s server.
Even if you think you have verified that nothing was installed on your device, it is still recommended that you disconnect from the internet.
Either disconnect from the internet or turn on airplane mode. The goal is to cut off any ongoing data transfer.
2. Assess Your Actions and Level of Risk
Clarify whether you only opened the link, or whether you also entered credentials or payment details, or downloaded an attachment. Entering passwords, installing something or changing an important setting raises the risk level.
In general, links on their own are not malicious in nature. Clicking on an unknown link is risky, but it’s tough to design a scam that works by only clicking the link.
If you downloaded a file, delete it. Absolutely do not open the file.
3. Secure All Accounts and Data
If credentials were entered, change your passwords right away, especially if you use the password you entered for multiple accounts.
First change the password of the account whose credentials you entered, through the official website, and then change it for any other accounts you regularly use that share the same password.
For example, if you received a phishing mail impersonating bluehost.com and entered information, go directly to bluehost.com and change your password there.
Act fast so that no account takeover can be attempted.

Is My E-mail Account Compromised?
Clicking a phishing link alone does not automatically mean your email account is compromised.
Your e-mail account is not compromised if:
- You clicked the link, but
- Did NOT enter credentials
- Did NOT download anything
- And did NOT approve any login or permission.
However, if you did enter your credentials, downloaded something, or approved a login or permission, it is worth your while to look at the following.
If there’s a possibility the hacker has access to your e-mail account, change your password immediately.
For weeks after the incident, keep tabs on your “sent items” folder. This is important because the hacker may attempt to send mail from your e-mail account.
Additionally, you can ask your IT department to keep an eye on your “mail forwarding” settings. It is possible the phisher set up a rule that forwards mail sent to you to their own mail account.
If you manage the e-mail account yourself, you can review these settings under Active users when you are logged into the Microsoft 365 admin center.
Note: Even if you only clicked the link and didn’t enter any information, it’s still a good idea to review your email account for unusual activity.
Unusual login attempts, unexpected sent e-mails and changed settings are all tell-tale signs that your account has been compromised.
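The “sent items” and “mail forwarding” checks above are where an attacker with mailbox access usually leaves traces: a forwarding rule to an outside address, a rule that quietly deletes security or invoice mail, or a rule with a throwaway name. The following Python is an added example, not code from the original post or from Microsoft: it audits a list of inbox rules in a constructed JSON shape (the field names are an assumption for this example, not the Microsoft 365 export format) and reports the rules that deserve a second look. The sample rules, the domain corp.example and the word list are all constructed.

```python
import json

# Constructed sample export of inbox rules. The JSON shape (name, enabled, forward_to,
# delete, subject_contains) is an assumption for this example, not a real product format.
SAMPLE_RULES_JSON = """
[
  {"name": "Newsletters", "enabled": true, "forward_to": [], "delete": false,
   "subject_contains": ["newsletter"]},
  {"name": ".", "enabled": true, "forward_to": ["collector@mail.example"], "delete": true,
   "subject_contains": ["password", "invoice"]},
  {"name": "Team copy", "enabled": true, "forward_to": ["colleague@corp.example"], "delete": false,
   "subject_contains": []},
  {"name": "Old forward", "enabled": false, "forward_to": ["nobody@elsewhere.example"],
   "delete": false, "subject_contains": []}
]
"""

OWN_DOMAIN = "corp.example"  # constructed: the organisation's own mail domain
# Subjects an attacker typically wants to hide from the mailbox owner.
SENSITIVE_WORDS = {"password", "invoice", "payment", "bank", "verification"}


def audit_rules(rules_json: str, own_domain: str = OWN_DOMAIN) -> list:
    """Return one finding per enabled rule that shows a suspicious pattern:
    forwarding outside the organisation, auto-deleting mail, filtering on sensitive
    subjects, or carrying a near-empty name (a common trick to keep rules unnoticed)."""
    findings = []
    for rule in json.loads(rules_json):
        if not rule.get("enabled", True):
            continue  # disabled rules do nothing; review them separately if you want history
        reasons = []
        external = [addr for addr in rule.get("forward_to", [])
                    if addr.rsplit("@", 1)[-1].lower() != own_domain.lower()]
        if external:
            reasons.append("forwards to external address: " + ", ".join(external))
        if rule.get("delete"):
            reasons.append("deletes the message after processing")
        hits = {w.lower() for w in rule.get("subject_contains", [])} & SENSITIVE_WORDS
        if hits:
            reasons.append("filters on sensitive subjects: " + ", ".join(sorted(hits)))
        if len(rule.get("name", "").strip()) <= 1:
            reasons.append("near-empty rule name")
        if reasons:
            findings.append({"rule": rule.get("name", ""), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES_JSON):
        print(f"Suspicious rule {finding['rule']!r}:")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

Run against the sample, only the rule named “.” is reported, with all four reasons; the internal “Team copy” rule and the disabled rule are left alone. Export your real rules into the same shape (or adapt the field names) and the same checks apply.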
4. Enable Two-Factor Authentication (2FA) Immediately
Enabling 2FA adds an extra verification step, so even if attackers have your password, they can’t access your account.

Once you have secured your account by changing your credentials, proceed to the compromised service’s website. (e.g. Bluehost, Microsoft, Discord, WordPress, Amazon, Facebook, etc.)
Enable 2FA for your account through the website’s settings.
Note: the procedure varies greatly between websites. It is important that 2FA is activated as soon as possible, especially if you entered any credentials after clicking the phishing link.
Important:
After enabling two-factor authentication (2FA), make sure that you are the one linking it to your own device. This step is critical; if an attacker sets up 2FA first, they could lock you out of your account.

When you log in after enabling 2FA, the service will typically guide you through the setup process. This often includes downloading an authenticator app, which generates a new verification code every 30 seconds.
During setup, you will usually be shown a QR code. Scan this code using your authenticator app to link it to your account. Once connected, the app will start generating login codes.
It goes without saying that you should be the one setting up 2FA for this account, not the hacker who may have access to your credentials.
This has serious implications for the safety of your account, so set up 2FA fast and properly.
You will also get access to a backup/recovery code. Store it away safely, preferably in a password manager.
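The authenticator app described above generates its 30-second codes with the TOTP algorithm (RFC 6238, built on HOTP from RFC 4226), and the QR code you scan is an otpauth URI that carries the shared secret. That is exactly why the order of enrolment matters: whoever scans that QR code holds the secret and can produce valid codes. The following Python is an added example, not code from the original post or from any authenticator vendor. It uses the published RFC test secret; the otpauth URI, its issuer “Example” and the address alice@example.com are constructed values.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# Shared secret from the RFC 4226/6238 test vectors (ASCII "12345678901234567890").
# A real authenticator gets its secret from the QR code; this is a known test value.
TEST_SECRET = b"12345678901234567890"

# Constructed otpauth URI of the kind a 2FA enrolment QR code encodes. Label, issuer and
# address are made-up example values; the secret is TEST_SECRET, base32-encoded.
EXAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
               "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30")


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is the number of `period`-second steps since the epoch."""
    return hotp(secret, at_time // period, digits)


def parse_otpauth(uri: str) -> dict:
    """Decode the enrolment URI carried by the QR code. Anyone who scans it holds the secret."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    query = parse_qs(parts.query)
    secret_b32 = query["secret"][0]
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)  # base32 wants a multiple of 8 chars
    return {
        "label": parts.path.lstrip("/"),
        "issuer": query.get("issuer", [""])[0],
        "secret": base64.b32decode(padded, casefold=True),
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
    }


def verify_code(submitted: str, secret: bytes, at_time: int,
                period: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the current step plus `window` steps either side to
    tolerate clock drift, comparing in constant time so timing leaks nothing."""
    for step_offset in range(-window, window + 1):
        candidate = totp(secret, at_time + step_offset * period, period, digits)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


if __name__ == "__main__":
    cfg = parse_otpauth(EXAMPLE_URI)
    now = int(time.time())
    code = totp(cfg["secret"], now, cfg["period"], cfg["digits"])
    print(f"{cfg['issuer']} ({cfg['label']}): current code {code}, "
          f"valid for about {cfg['period'] - now % cfg['period']} more seconds")
```

Feeding the RFC test secret through this code at Unix time 59 yields 287082 (94287082 with eight digits), matching the published vectors, which is a quick way to confirm an implementation before trusting it. The backup code the post mentions is your only way back in if the phone holding this secret is lost, which is why it belongs in a password manager rather than in the same mailbox that was just phished.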
5. Scan Your Phone For Malware
It’s important to check whether something was installed on your device without your knowledge.
Unfortunately, there is no such thing as a “full scan” button for Android or iOS. A good way to check your device is to use a built-in tool or to check your phone manually.
Luckily, iPhones are not prone to malware infection. For example, Apple makes use of a technique called “sandboxing”: each application can only access its own data and not the data of other applications.
For this reason, for example, no application is allowed to scan the entire device.
Sandboxing and a whole host of other techniques Apple has in place make scanning your Apple device for malware superfluous.
Android
The first thing to do would be to scan the device using Google Play Protect.
- Open the Google Play Store
- Tap your profile icon (top right)
- Tap Play Protect
- Tap scan to check your apps
This is probably the quickest win on any Android device to protect yourself from malware.
You may also want to consider turning on automatic updates. This keeps the Android system up-to-date and more protected against vulnerabilities.
This is a short and effective guide on what to do if you clicked a phishing link on your phone. Its application will maximize the safety of your data, identity and bank account.
Frequently Asked Questions
Can clicking a phishing link infect my device?
Generally no, though it is possible in rare cases. Infection can only happen if you download or install something through the link.
Ideally you don’t click any links you suspect of phishing. If you have, do not enter credentials, do not allow the installation of applications and do not grant permissions after clicking the link.
If you entered your credentials for a certain account, that account has been compromised. You can limit the potential damage by going to the specific site, and immediately changing your password.
Note: If you use the same password on other accounts, change it there as well.
You don’t need to change your password if you haven’t entered any credentials and didn’t download anything.
The main actions are to close the page, run a system scan (if Android), and monitor for suspicious activity.
Generally, a few weeks is enough time to determine whether your account has been compromised or not. Pay attention to settings you know and check whether they have been changed. Additionally, looking at your “sent items” or “mail forwarding” settings can help.
1. Determine whether you entered credentials or downloaded anything after having clicked the link.
2. If you entered credentials, change the password of the compromised account(s) on the official website. (Amazon, Bluehost, etc.)
3. Enable 2FA through the settings on the official website. Afterwards, set it up yourself.
4. If on Android, run a scan through Google Play Protect. If on iOS, this step is not applicable.