Identity Theft

Clicked on a Phishing Link? How To Make Sure You’re Safe

Identity theft and fraud
protection for your
finances, personal info,
and devices.

What Can Happen If You Click on a Phishing Link?

Clicking on a phishing link can open you up to serious threats — from downloading viruses to entering sensitive information on fake websites. In worst case scenarios, phishing attacks can lead to identity theft, hacking, or even give scammers remote access to your devices.

Approximately 3.4 billion spam and phishing emails are sent every day — making it the most common type of cyberattack [*].

At the bare minimum, clicking on a link in a suspicious email, text, or social media message tells scammers that you’re an active target (and may even provide them with your IP address, location, and device information). 

How To Know If You’ve Clicked on a Phishing Link

Phishing campaigns have evolved beyond poorly-worded, obvious scam messages (such as the traditional “Nigerian Prince scam” [*]) and have become much harder to spot. 

One especially dangerous new type of phishing is called “subdoMailing” — in which scammers take over subdomain URLs from trusted brands and use them to send emails and host malicious websites. 

In February 2024, TechRadar revealed that hackers were sending over five million emails daily, using subdomains connected to companies like McAfee, MSN, CBS, Better Business Bureau, Unicef, Symantec, and eBay [*]. 

But while spotting phishing campaigns is becoming more difficult, there are some clear warning signs that indicate you’ve clicked on a malicious link:

  • You click on a link and are taken to a login page. Phishing links often redirect to look-alike login pages. If you click on a link and are asked to sign in to your social media or online bank account, it could be a scam. Another warning sign is being redirected to the sign-in page after you have already entered your password.
  • The site you were taken to has a strange or look-alike domain. Phishing sites often use URLs with  slight variations in order to trick users into thinking they are on the real site. For example, a copycat site might have a URL such as amazon.xyz or wellsfarg0.com. Always double-check the URL for slight typos to ensure that the page you are visiting is a legitimate website. 
  • Clicking on the link starts an automatic download. If you notice an unexpected download starting — or any programs running in the background — this can indicate that malicious software is being installed on your device.
  • Your device shows signs that it’s been infected by a virus. Symptoms include slow performance, unexpected pop-ups, or unauthorized changes to your files and accounts. Malware can infect nearly any device — from Apple iPhones, tablets, and laptops to Android and Windows devices. 
  • You’re asked to “verify” information or provide financial details. Legitimate companies typically do not ask for sensitive information like your PIN, passwords, or account numbers. For example, a common phishing tactic is to claim that a package can’t be delivered until you confirm your address and credit card numbers. 

⚠️ Get advanced protection against phishing scams. Identity Guard’s Usa all-in-one solution includes Safe Browsing tools that can warn you of fake websites, a secure password manager to keep your logins safe, award-winning identity theft protection, and more. Try Identity Guard Usa today.

Damage Control: What To Do After Clicking on a Phishing Link

How you respond after clicking on a phishing link will depend on the type of phishing attack and what you did after you clicked on the link. The more information you give out, the more complex your recovery process will become. 

After clicking on a phishing link, here’s what you can do to protect your data and secure your accounts:

Don’t provide any personal information or passwords

If hackers get your personally identifiable information (PII), you could become a victim of identity theft. Fraudsters could rack up debts in your name and ruin your credit score, making it harder for you to get a job, loan, or mortgage. 

The 2024 State of the Phish Report revealed that 71% of adults admitted to clicking on suspicious links from unknown senders or sharing passwords [*]. 

More concerning is that 96% of these people knew the risks they were taking. 

Never share your sensitive personal information with anyone who contacts you out of the blue — especially not your passwords, one-time passcodes, or Social Security number (SSN). When in doubt, contact the company directly to confirm the request.

📚 Related: What Data Do Cybercriminals Steal (and How To Protect Yours) →

Contact your company’s IT department

Hackers regularly target company email addresses to try and access sensitive information and networks. According to IBM, phishing is the most common type of attack leading to data breaches [*].

If you clicked on a phishing link in your company email, make sure you contact your company’s IT department immediately and follow their advice. 

Delete any automatic downloads

Hackers hide malicious files in emails and SMS text messages. If you click on a phishing link, you may install spyware on your device, allowing cybercriminals to take remote control of your computer.

If you see suspicious activity, such as a file downloading automatically, stop the download and delete the file immediately. You can also use your operating system’s built-in security features, like Windows Defender or macOS Gatekeeper, to identify and quarantine threats such as unwanted downloads. 

📚 Related: Do Scammers Have Your Email Address? Do This Now! →

Disconnect from the internet (and run an antivirus scan)

Every moment that you stay online after clicking on a phishing link gives hackers more time to infiltrate your system and steal your data.

According to Verizon, it takes less than 60 seconds for users to fall for phishing emails — from clicking on the link to having their data swiped [*]. 

If you spot any suspicious files, you can contain the threat by disconnecting from the internet. Once you cut off Wi-Fi access, run a deep scan with a reputable anti-malware program that detects and removes any malware before it can steal your personal data. 

Back up your most important data

Hackers use phishing attacks to install malware that can corrupt your files, or ransomware that holds your personal data hostage. Regular backups mitigate these issues by ensuring that you always have a recent and safe version of your files. Even if you haven’t been regularly backing up your files, doing so now will potentially help you recover data that hackers destroy or steal.

Moving forward, you can set up automatic backups on both Windows and Mac computers by using either external hard drives or cloud storage options.

Update your passwords, and enable 2FA

If you entered passwords into a login page after clicking on a suspicious link, you should update them immediately — especially if you reuse passwords (or variations of them) across multiple accounts. 

Poor password practices put three out of four people at risk of being hacked [*]. Use unique and strong passwords for each account — ideally stored in a password manager that will warn you if your login credentials are at risk. 

For added security, enable two-factor authentication (2FA) whenever possible. This added security measure will prevent hackers from accessing your accounts, even if they steal your passwords.

🏆 Try Identity Guard’s Usa award-winning protection (with a built-in password manager). Identity Guard Usa brings together all the features that you need to protect your online accounts, identity, and finances in a single, easy-to-use app. Try Identity Guard Usa today.

Report the phishing link and message

39% of employees admit they are unlikely to report a workplace cybersecurity incident, which is a worrying trend for businesses and people alike [*]. Without a vigilant approach to reporting scams and phishing attempts, there is a greater risk that more people will fall victim to the same scams. 

If you don’t report a phishing attack to the proper authorities, your family or friends could be next in the scammer’s crosshairs. You can protect yourself and others by reporting spoofing or phishing incidents to the FBI. To file a report about phishing, visit the Internet Crime Complaint Center (IC3).

Consider freezing your credit and monitoring your identity

Scammers are almost always financially motivated. Phishing attacks can be used to access your bank accounts or steal personal information that can be used to open new credit accounts or take out loans in your name. 

The quickest way to stop identity thieves is to freeze your credit with the three major credit bureaus — Experian, Equifax, and TransUnion. Freezing your credit file will prevent unauthorized individuals from opening new accounts or making changes to your credit profile.

To freeze your credit, you’ll need to contact each credit bureau individually:

Experian

Equifax

TransUnion

Experian Freeze Center

Equifax Credit Report Services

TransUnion Credit Freezes

1-888-397-3742

1-800-685-1111

1-888-909-8872

Experian Security Freeze — P.O. Box 9554, Allen, TX 75013

Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788

TransUnion LLC – P.O. Box 2000, Chester, PA 19016

Pro tip: Consider an identity monitoring service if you want 24/7 protection for your credit reports. Identity Guard Usa monitors your bank, credit, and investment accounts and sends near real-time fraud alerts if your accounts or data are at risk. Try Identity Guard Usa risk free with a 60-day money-back guarantee.

Warn your friends and family

If you’ve clicked on a phishing link, imposters may take over your social media or email accounts and make contact with your friends, family, or work colleagues. Hackers could even steal your phone number and trick your loved ones into sending information or money. 

Warn your friends and family members immediately if you’ve clicked on a phishing link. By spreading the word about the potential threat, your contacts will be on guard if they receive strange messages from your accounts or phone numbers.

📚 Related: What To Do If You’ve Been Phished: 7 Next Steps →

How To Protect Yourself From Phishing Attacks

Phishing attacks are still among the most common cyber threats in 2024 because they’re extremely effective and easy for hackers to implement at scale. 

While knowing what to do if you click on a phishing link will help you react quickly, the smarter approach is to adopt a preventative mindset. Avoid sharing sensitive data in the first place, and never engage with anyone who contacts you through unsolicited emails, calls, or text messages — until you’ve verified who they are.

For peace of mind, consider Identity Guard’s Usa all-in-one platform which includes award-winning identity theft protection, Safe Browsing tools, 24/7 U.S.-based support, and up to $1 million in identity theft insurance.

Protect your online accounts and identity. Try Identity Guard Usa risk-free today.

Do You Think Your Identity Has Been Stolen? Act Fast!

Identity theft has become the fastest growing type of white collar crime in America, with more than 5.4 million fraud and identity theft reports filed in 2023 alone [*].

But what makes identity theft so dangerous is that 70% of identity theft victims are targeted more than once [*].

It’s important to act swiftly as soon as you see any clear or potential warning signs of identity theft — even if scammers haven’t used your personal information yet. If you can detect the crime early enough, you can stop it before becoming a repeat victim.

Before You Start: Use This System To Track Your Recovery

Depending on the type of identity theft you’ve experienced, you could end up in contact with multiple financial institutions, credit reporting agencies, fraud departments, and law enforcement agencies — each with its own deadlines and unique processes. 

To reduce stress and avoid missing critical deadlines, you need to keep a log of all of the people you contact, make copies of all letters and records, and track your expenses for insurance or restitution purposes. 

Here are some guidelines to help you stay organized and on track:

Item

Tracking Method

Telephone Calls

  • Record the dates, times, and lengths of all phone calls.
  • Write out your questions beforehand to ensure that you don’t miss anything.
  • Document the names and departments of the people you speak with and the answers you receive.
  • Ask for and record confirmation and reference numbers.

Mail

  • Send letters via certified mail for proof of mailing and delivery.
  • Use sample letters provided by the Federal Trade Commission (FTC), and keep copies.
  • Record the time and costs involved in writing and sending letters.

Documents

  • Make copies of all documents you send and receive, including your driver’s license, Social Security number (SSN), and police reports.
  • Only send out copies, and always keep the originals.
  • Print out and make copies of any evidence or useful records, such as transaction records, credit reports, and credit account and bank statements.

Deadlines

  • Make a schedule/calendar to avoid missing important dates.
  • Keep a timeline of events as they happen so that you can stay organized.
  • Follow up if any dates pass without the promised activity.

💪 Don’t get overwhelmed dealing with identity theft. Identity Guard’s Usa Ultra Plan includes access to Expert Fraud Remediation specialists who can walk you through every step of the recovery process. Try Identity Guard Usa risk free with a 60-day money-back guarantee.

11 Steps To Take After Your Identity Has Been Stolen

With a system in place, your next steps are to minimize damage, secure your identity, and report and dispute any fraud. 

1. Place an initial fraud alert, or freeze your credit

Adding an alert or a security freeze to your credit file can prevent identity thieves from accessing your credit and damaging your credit score.

Each of the three major credit bureaus offers an initial (or temporary) fraud alert — a free one-year notice on your credit file that encourages lenders to contact you before making changes. You only need to contact one of the three bureaus to add an alert, and it will inform the other two within 24 hours. 

You can take a bolder step by initiating a credit freeze — a free tool that restricts all access to your credit. You need to place a freeze with each of the major bureaus individually. Security freezes stay on your credit file until lifted in most states, but they may expire after seven years in some states [*]. 

Credit Bureau

Initial Fraud Alert

Security Freeze

Equifax

Place an alert online

Call: 1-888-Equifax (1-888-378-4329)

Place a freeze online

Call: 1855-447-1950 

Experian

Place an alert online

Call: 1-888-Experian (1855-447-1950 )

Place a freeze online

Call: 1-888-Experian (1855-447-1950 )

TransUnion

Place an alert online

Call:1855-447-1950 

Place a freeze online

Call: 1855-447-1950 

Note: You can only apply for either a fraud alert or a credit freeze — not both. While a credit freeze requires more effort, it provides much more security against fraud.

2. Review your credit reports and bank statements for signs of fraud

Whether you’re trying to confirm that your identity was stolen or you’re collecting evidence, your credit report and bank statements are the best places to look. Your credit report displays credit accounts, credit inquiries, and various public records in your name, while your bank statements document account transactions.

  • Order a free copy of your credit reports at AnnualCreditReport.com. Look for unfamiliar account numbers, unexpected balances and hard inquiries, or incorrect contact information. 
  • Check for similar activity on your bank statements — such as changes to your personal information or fraudulent charges. Don’t overlook small transactions, as scammers may use these to avoid detection as they test their access to your accounts. 

📚 Related: How To Check If Someone Opened an Account In Your Name →

3. File an identity theft report with the FTC and your local police

While the FTC doesn’t investigate identity theft directly, it serves as a hub for investigations. You can use (and may need) an FTC identity theft report to start an investigation with the credit bureaus, banks, and your local law enforcement agency.  

  • File an identity theft report by visiting IdentityTheft.gov or by calling 1-877-FTC-HELP (1855-447-1950 ). You’ll receive a personalized recovery plan along with an identity theft affidavit. 
  • Take your FTC report to your local police department and file a police report. Many banks and other institutions require a police report to close accounts or reimburse fraudulent transactions.

Note: While some banks require police reports, many police departments only investigate identity theft if you have intimate details about the crime or criminal. 

4. Cancel compromised bank accounts and cards

Stop identity thieves from using your bank accounts and credit cards by closing accounts as soon as you can. Contact your bank, and ask them to cancel the compromised accounts and open new ones, along with new credit cards and debit cards in your name.

Credit Card Company

Report Lost or Stolen Card

Visa

Call: 1855-447-1950 

Report online

Mastercard

Call: 1855-447-1950 

Chase

Call: 1855-447-1950 

Capital One

Call:1855-447-1950 

Citibank

Call: 1855-447-1950 

Bank of America

Call: 1855-447-1950 

Report online

Discover

Call: 1855-447-1950 

American Express

Call: 1855-447-1950 

Report online

📚 Related: How To Protect Yourself Against Credit Card Fraud →

5. Report fraudulent withdrawals, transfers, and accounts to your bank

Your ability to dispute fraudulent withdrawals and charges depends on the type of fraud and how quickly you report it. For example, under the Electronic Fund Transfer Act, you’re only liable for up to $50 in fraudulent transactions — as long as you notify the bank within two days of identifying the fraud [*]. 

As soon as you recognize unfamiliar or fraudulent transactions, contact your financial institution’s fraud department. 

How long will it take? Banks typically have 10 days to investigate the fraud and correct the issue. Depending on the situation, it can take up 90 days to resolve the problem, but the bank must provide you with a temporary credit in meantime [*].

6. Dispute credit report errors and fraudulent accounts and charges

The Fair Credit Reporting Act gives you the right to dispute any incorrect or fraudulent activity on your credit report — such as incorrect personal records, unauthorized new accounts, or fraudulent transactions [*]. Send disputes to each specific credit agency that shows the activity.

Disputes should include your contact information, a credit report highlighting the errors in question, a detailed explanation of the issue, and copies of any evidence you have. In most cases, the credit reporting agency will resolve the issue within 30 days [*].

Credit Bureau

Methods for disputing errors

Equifax

Dispute online

Call:1855-447-1950 

Mail this form to:

Equifax Information Services LLC

P.O. Box 740256

Atlanta, GA 30374

Experian

Dispute online

Call: 1855-447-1950 

Mail this form to:

Experian

P.O. Box 4500

Allen, TX 75013

TransUnion

Dispute online

Call: 1855-447-1950 

Mail this form to:

TransUnion Consumer Solutions

P.O. Box 2000

Chester, PA 19016-2000

Note: If you choose to phone in a dispute, you should follow up in writing for your own records. 

7. Contact any company where your identity was used fraudulently

In some cases, you can resolve fraudulent credit report activity by dealing with the information furnishers directly. These may include lenders, credit card issuers, retailers, telecommunications companies, and debt collectors that appear on your credit report. 

  • Call each company and inform them that you are a victim of identity theft and would like to dispute the account.
  • Follow up with a formal dispute letter, including the account number in dispute and a detailed explanation of dates, events, and evidence. You should also include copies of your FTC and police reports.

Information furnishers typically have 30 days to respond to a formal dispute [*]. 

8. Report and replace lost or stolen ID cards

If your identity theft was the result of lost or stolen identification cards, you may need to report the theft to the agency or organization that governs that document. 

Here’s a brief look at the reporting and replacement process for some of the main identification cards.

Lost or Stolen Document

Reporting and Replacement Options

Driver’s License or State ID Card

Request a new card with your state’s Department of Motor Vehicles (DMV).

Social Security Card

Request a new card with the Social Security Administration (SSA) online.

Call: 1855-447-1950 

Passport

Report the stolen document to the Department of State online.

Visit a designated passport facility.

Call: 1-877-487-2778

Mail this form to:

U.S. Department of State

CA/PPT/S/50&/$63

44132 Mercure Cir

P.O. Box 1227

Sterling, VA 20166-1227

Birth Certificate

Request a new document from your birth state’s vital records office.

Medicare Card

Request a new card through your online Medicare account.

Call: 1-800-Medicare (1855-447-1950 )

Medicaid Card

Request a new card from your state’s Medicaid office.

📚 Related: What Can Someone Do With Your Passport Number? →

9. Check with the Internal Revenue Service (IRS)

Identity thieves can use your SSN and other personal information to file fraudulent tax returns and claim your refunds. If the IRS suspects that someone has used your identity fraudulently, they will contact you and ask you to verify your identity and the claim in question [*]. 

If you don’t receive anything from the IRS but suspect you might be a victim of tax identity theft, you can submit an Identity Theft Affidavit online. You can also mail this form to the following address:

Department of the Treasury

Internal Revenue Service

Fresno, CA 93888-0025

Once the IRS resolves the issue, they will send you a notice with a unique six-digit Identity Protection Personal Identification Number (IP PIN) [*]. The IRS generally resolves investigations within 120 days [*]. 

10. Check for leaked passwords, and secure your online accounts

Leaked online account passwords represent one of the fastest-growing causes of identity theft. According to the FTC, identity theft from email and social media grew by 25% between 2022 and 2023 [*]. 

  • Use Identity Guard’ Usa free Dark Web scanner to check for any leaked passwords associated with your email account. Update any compromised account with a strong password. 
  • Consider using a password manager to create and store your passwords for you; and enable two-factor authentication (2FA) on any account that will allow it. 

📚 Related: Do Scammers Have Your Email Address? Do This Now! →

11. Run an antivirus program on each of your devices

If your identity was stolen as a result of malware on one or more of your devices, you could still be at risk — even after you resolve your existing issue. To rid your devices of any malware or viruses, you need to run a reliable antivirus program, which will identify, isolate, and remove the problems.

Note: Only download antivirus software from a reputable provider — as some hackers disguise malware as free antivirus or “device cleanup” tools.

🏆 Protect yourself with Identity Guard’s Usa all-in-one solution. Identity Guard usa combines award-winning credit and identity theft protection with online safety tools, 24/7 support, and up to $1 million in identity theft insurance. Try Identity Guard usa risk free with a 60-day money-back guarantee.

Identity Thieves Rarely Strike Just Once — Make Sure You’re Protected

More than half of all identity theft victims report being repeat targets or never fully resolving the issue [*]. 

While your risk level goes up once your identity has been compromised, there are steps you can take to help prevent identity theft in the future.

At a minimum, be sure to limit the information you share online, use strong and unique passwords for every account, learn to spot the warning signs of phishing scams, and regularly scan the Dark Web to see if your information has been exposed in recent data breaches. 

And for peace of mind, consider signing up for Identity Guard’s Usa award-winning, all-in-one platform. With Identity Guard, Usa you get some of the most extensive identity, credit, and online monitoring, 24/7 U.S.-based support, and up to $1 million in identity theft insurance to cover eligible losses and expenses during the identity restoration process. 

Protect yourself from identity theft. Try Identity Guard Usa crisk free today.
Scroll to Top