What to Do If You Clicked a Suspicious Link
You clicked a suspicious link? Don't panic, but act fast. Every minute counts when protecting your accounts and data.
Clicking a phishing link is a mistake that happens to millions of people every day. In 2025, over 3.4 billion phishing emails were sent, and messaging app phishing attacks increased by 300%. The important thing is not whether you clicked — it's how quickly you respond.
Phishing links can lead to credential theft, malware installation, or financial fraud. But if you act quickly, you can minimize the damage significantly. Here's your complete step-by-step guide.
Step 1: Disconnect Immediately (0-5 minutes)
The first seconds after clicking a suspicious link are critical:
- Close the page immediately — press Ctrl+W or Cmd+W to close the tab
- Do NOT enter any information — if a form appeared, close it without filling anything
- Do NOT download anything — if a download started, cancel it immediately
- Disconnect from WiFi — if malware was triggered, disconnecting prevents data exfiltration
- Turn on airplane mode — on mobile, this stops any background data transmission
Step 2: Check What Happened (5-15 minutes)
Once disconnected, assess the situation:
- Did you enter any data? — username, password, banking details, OTP codes
- Did you download anything? — check your Downloads folder for unexpected files
- Did the URL look like a real site? — try to remember the domain name
- Was it sent via email, WhatsApp, or SMS? — this helps identify the attack vector
Use Expandir.link to analyze the link if you still have it. Our 70+ antivirus engines and AI analysis can tell you what kind of threat it was.
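For the Downloads check in Step 2, the following added example (not part of the original guide or of Expandir.link) lists files changed in the last hour, hashes them without opening them, and flags executable, disguised, and cancelled-download files. The extension lists, the 60-minute window, and the assumption that a file's modification time reflects when it was downloaded are choices made for this example.

```python
import hashlib
import time
from pathlib import Path

# Constructed, non-exhaustive list of file types that can run code when opened.
RISKY = {".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta",
         ".lnk", ".iso", ".dmg", ".pkg", ".apk", ".jar", ".docm", ".xlsm"}
# Leftovers that Chrome and Firefox write for a download cancelled part-way.
PARTIAL = {".crdownload", ".part"}


def sha256_of(path):
    """Hash in chunks. Reading the bytes does not launch the file."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def recent_downloads(folder, since_minutes=60, now=None):
    """Return one record per file changed inside the window, newest first."""
    now = time.time() if now is None else now
    cutoff = now - since_minutes * 60
    records = []
    for path in Path(folder).rglob("*"):
        if not path.is_file():
            continue
        info = path.stat()
        if info.st_mtime < cutoff:
            continue
        suffixes = [s.lower() for s in path.suffixes]
        last = suffixes[-1] if suffixes else ""
        records.append({
            "name": path.name,
            "modified": info.st_mtime,
            "size": info.st_size,
            "sha256": sha256_of(path),
            "risky_type": last in RISKY,
            # e.g. "invoice.pdf.exe": looks like a document, runs as a program
            "disguised": last in RISKY and len(suffixes) > 1,
            "partial": last in PARTIAL,
        })
    return sorted(records, key=lambda r: r["modified"], reverse=True)


if __name__ == "__main__":
    for r in recent_downloads(Path.home() / "Downloads"):
        flags = [k for k in ("risky_type", "disguised", "partial") if r[k]]
        print(r["sha256"], r["size"], r["name"], ",".join(flags) or "-")
```

Do not open any file the script flags; keep it for the malware scan in Step 6.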
Step 3: Change All Compromised Passwords (15-60 minutes)
If you entered a password on the phishing page, change it immediately:
- Change the password of the affected account first
- Change passwords for any other account that uses the same or similar password
- Use a strong, unique password for each account — consider using a password manager
- Check haveibeenpwned.com to see if your email appears in known data breaches
Priority accounts to change: Email (primary), Banking, Social media, Cloud storage, Any account using the same password
Step 4: Enable Two-Factor Authentication (1-2 hours)
2FA is your strongest defense against compromised passwords:
- Authenticator apps (Google Authenticator, Authy) are more secure than SMS codes
- Enable 2FA on: email, banking, social media, cloud storage, password manager
- Hardware keys (YubiKey) provide the highest security level
Even if a scammer has your password, 2FA prevents them from accessing your account. This single step blocks 99.9% of automated attacks.
Step 5: Contact Your Bank (Same day)
If you entered banking information:
- Call your bank immediately — use the number on your card, not from the suspicious message
- Freeze or block affected cards — most banking apps let you do this instantly
- Monitor transactions — check your account every few hours for the next 72 hours
- Set up transaction alerts — get notified of every charge
- Report the fraud — banks have dedicated fraud departments that can reverse unauthorized charges
Step 6: Scan for Malware (Same day)
Clicking a suspicious link may have installed malware:
- Run a full system scan using Windows Defender, Malwarebytes, or your preferred antivirus
- Check browser extensions — remove anything you didn't install
- Clear browser data — cookies, cache, and saved passwords from the suspicious site
- Check for unauthorized app installations on mobile
Step 7: Report the Phishing (When possible)
Reporting helps protect others:
- Report to the platform — in WhatsApp, use Contact > Report; email providers have "Report Phishing" buttons
- Report to Expandir.link — we add confirmed phishing URLs to our database
- File a complaint with your local cybercrime authority
- Warn your contacts — if the scam came from someone's account, let them know they've been hacked
Prevention: How to Avoid Clicking Suspicious Links
- 🔍 Check every link with Expandir.link before clicking
- 🛡️ Enable 2FA on all accounts as a safety net
- 🔑 Use a password manager — it won't auto-fill on phishing sites
- 📱 Verify through official apps — never click links in unexpected messages
- 🚫 Never share OTP codes — no legitimate service will ask for them