You clicked a link in an email or text and now something feels off. Take a slow breath. Most people who click a suspicious link are fine, especially if they did not enter any personal information afterward.
Key Takeaways
- Clicking a link alone rarely causes harm. The real risk starts when you enter a password, financial details, or personal information on the page that opens. (Verizon 2024 DBIR)
- Disconnect from Wi-Fi and run a virus scan within the next 15 minutes.
- Change your passwords right away if you typed anything into the page.
- Adults 60 and older lost $4.9 billion to fraud in 2024. Catching the problem early is your best protection. (FBI IC3 2024)
Is Clicking a Suspicious Link Actually Dangerous?
Phishing was the top internet crime in 2024, with 193,407 complaints filed with the FBI (FBI IC3 2024). But clicking a link on its own is much less risky than most people assume. The real danger begins when you type personal information into the page that opens, such as a password, a Social Security number, or a credit card number.
Think of a link like a door. Opening the door is not the problem. Handing over your keys once you walk through is where trouble starts. If you clicked but did not enter anything, your risk is low.
According to the Verizon 2024 Data Breach Investigations Report, the median time between opening a phishing email and clicking the link is just 21 seconds. Entering personal data takes only 28 more seconds after that. Most people act before they realize something is wrong, so if you fell for it, you are in very good company.
Step 1: Disconnect from the Internet Right Away
Disconnecting your device from Wi-Fi is the single fastest way to limit any damage. If your device was downloading something harmful, cutting the connection stops it from completing.
On most phones and laptops, you can turn off Wi-Fi in the settings or by toggling airplane mode. On a desktop computer, simply unplugging the ethernet cable works. You do not need to turn the device off entirely.
Once you are disconnected, do not log in to any accounts and do not open your banking app. Wait until you have completed a scan and feel confident your device is safe.
Step 2: Run a Virus Scan
A virus scan checks your device for harmful software that may have been downloaded when you clicked the link. Most Windows computers come with Microsoft Defender, which is a reliable built-in option. On a Mac, Malwarebytes offers a free version that works well.
Open your security software, choose "full scan," and let it run. This may take 30 to 60 minutes. If the scan finds nothing, that is a good sign. If it finds something, follow the on-screen instructions to quarantine or remove it.
Our guidance: If you are not sure what scanning software you have, a tech support professional can run this check for you in under 20 minutes. Visit get help now to be matched with a vetted expert who explains things in plain language.
Step 3: Change Your Passwords If You Entered Anything
If you typed a password, email address, or any personal information into the page that opened, change those passwords now. Start with your most important accounts: email, banking, and any accounts that share the same password.
Credential phishing jumped 703% in the second half of 2024, according to a Security Magazine report citing SlashNext data (Security Magazine, 2024). Scammers are getting faster at using stolen login details. Changing your password within the first hour is your most effective defense.
One step most guides skip: If you used the same password on other websites, change those too. Attackers often try stolen credentials on banking and shopping sites within minutes of stealing them.
A strong password is at least 12 characters and mixes letters, numbers, and symbols. If keeping track of multiple passwords is difficult, see recovering forgotten passwords and staying organized for simple ways to manage them.
Step 4: Watch Your Accounts for the Next Week
Most harm from phishing shows up within a few days. Phishing accounted for 16% of all data breaches in 2025, according to the Verizon 2025 DBIR (Verizon, 2025). Knowing what to watch for helps you catch a problem early.
Check for these warning signs each day:
- Unexpected charges on your bank or credit card statement
- Emails or texts saying your password was changed when you did not change it
- Friends saying they received strange messages from you
- New accounts or subscriptions you did not create
- Alerts from your bank about unusual activity
If you see any of these, call your bank using the number on the back of your card. Tell them what happened. They can freeze your account, reverse charges, and help you lock down your profile.
What Probably Did NOT Happen
Many online guides assume the worst after any suspicious click. Here is what most people worry about, and why most of those fears do not apply.
Your device is probably not "hacked." Clicking a link does not give anyone remote control of your computer. That requires downloading software or calling a scammer and letting them connect. If you did neither, your device is likely fine after a clean virus scan.
Your identity is probably not stolen. Identity theft typically requires your Social Security number, date of birth, and full name together. If you did not type those into the page, this risk is very low.
Your bank account is probably not at risk unless you entered your banking login or card number. Banks also run automated fraud monitoring that flags unusual activity before most customers notice it.
A distinction most guides miss: Clicking a link and entering information are two very different things. Clicking alone is low risk. Entering your credentials or payment details is high risk. Your response should match your actual situation, not the worst-case scenario.
What to Do If the Scammer Calls You Back
Some phishing attempts are just the first step in a longer scam. You may receive a follow-up call from someone claiming to be your bank, Microsoft, or a government agency. They may already know your name or email address, which can make them sound legitimate.
Real companies do not call to ask for your password or payment information in response to a security issue. If someone asks for those things over the phone, that is the scam. Hang up, then call the company back using a number from their official website, not one the caller gave you.
Tell a trusted family member or friend what happened. A second set of eyes helps you decide whether to act and what to say.
How to Recognize Suspicious Links Before You Click
The best protection is a brief pause before clicking anything. Most phishing links share a few patterns that are easy to spot once you know them.
Look closely at the sender's email address. Scammers often use addresses that look almost right, such as support@amazon-secure.com instead of support@amazon.com. The key part is the domain, the section after the @ symbol.
Be especially careful with links in text messages. Texted links are harder to verify and easier to fake. If a text says your package is delayed or your account is locked, go directly to the company's website by typing the address yourself.
See spotting fake emails step by step for a full guide to checking email links before you click.
When to Get Professional Help
If you are unsure whether your device is safe, or you did enter personal information and want someone to walk you through the next steps, a tech support professional can help. A qualified technician can run a full scan, check for signs of a problem, and help you change your passwords in the right order.
ClearGuide matches older adults and their families with vetted, patient tech support experts who explain things clearly. Get help now to be connected with the right person for your situation.
You do not have to figure this out alone. Getting a second set of eyes on your device after a suspicious click is a reasonable and smart thing to do.
Frequently Asked Questions
What should I do first if I clicked a suspicious link?
Disconnect from Wi-Fi immediately, then run a full virus scan. If you entered any personal information on the page that opened, change your passwords for email, banking, and any account using the same password. Acting within the first 15 minutes reduces your risk the most.
Does clicking a link automatically install a virus?
Not usually. Most phishing links take you to a fake website designed to trick you into entering personal information. Your device is most at risk if you downloaded an attachment, installed software, or called a phone number shown on the page that opened.
What if I gave the scammer my phone number or email address?
A phone number or email address alone gives scammers limited access to your accounts. The real risk is follow-up contact. They may call or email again. Block the number, watch for unusual messages, and do not respond if they reach out.
Can a scammer access my bank account just from a link click?
Only if you entered your banking login or card number into the page that opened. If you clicked but entered nothing, your bank account is almost certainly not at risk. Contact your bank directly if you are worried, and they can review recent account activity with you.
Should I report the suspicious link to anyone?
Yes. You can report phishing to the Federal Trade Commission at reportfraud.ftc.gov or file a complaint at the FBI's Internet Crime Complaint Center at ic3.gov. Reporting takes about five minutes, requires no technical knowledge, and helps authorities warn others.
The Bottom Line
Clicking a suspicious link is a mistake that millions of people make every year. The FBI logged 193,407 phishing complaints in 2024 alone, and most of those people came through it without lasting harm (FBI IC3 2024).
The four steps that matter most: disconnect, scan, change passwords if you entered information, and watch your accounts for a week. If anything looks off, call your bank and reach out to someone you trust.
If you want someone to walk through this with you, get help now. A vetted tech support professional can check your device and give you a clear picture of where things stand.
See also: common scams targeting older adults and finding the right tech support for a parent.