What Happens If You Click on a Phishing Link?
We have already discussed how to recognize phishing emails and links and what not to do: specifically, do not open attachments from them and do not click links in them.
But what if you have clicked on a phishing link by mistake? What will happen next?
So let’s start by defining a typical phishing email. Basically, it contains a link that lands you on a phishing website, or it may ask you to grant permission to download an unknown app. It may also be one of the so-called sextortion scams that claim to have recorded you visiting adult sites and demand a ransom in Bitcoin.
A typical phishing email claims that some urgent action is necessary on your side and that, to act, you need to click on a link or a button, or open and review an attachment.
These emails might tell you that something is wrong with your account, that you have won a prize, or that you need to update something, but they typically urge you to react fast and they want you to open a link or a file. So what happens if you click on the link or open the attachment? Several things are possible or likely, including any or all of the following.
Firstly, and most likely of all, regardless of what else it might do, the link will probably contain code that uniquely identifies you. By clicking on it you may be confirming that you exist, that you check your email, and that you’re gullible enough to click on a link. This in turn may allow the sender to sell your verified email address at a higher price to people who will try harder to scam you. Clicking the link, even out of curiosity, means the phishing scammers quite likely now see you as more of a target.
To write this article, I have investigated some phishing links and although I opened them in a sandbox environment, one thing I noticed was a sharp uptick in general spam after doing this.
Next, the link might just go to a page that directly attempts to compromise your computer. This risk is even higher if you open unknown attachments, although in my recent experience, attachments in phishing emails nowadays just seem to contain clickable links as a way for the scammers to try to evade spam filtering.
Either way, clicking on the payload may infect your browser or your computer with malware: anything from ransomware that will lock away your data and demand money, to Trojans that may open your computer up to external access so that your data can be stolen, further malware can be installed, or your computer can be enslaved and used for sending more scam emails to other people.
Furthermore, a phishing link may lead to a plausible-looking copy of a legitimate website which asks you to enter your personal details, including user name, password, identity, banking, and credit card details, only to capture these details for misuse by criminals stealing your identity, all your money, or both.
Finally, and this one is the scariest of all, clicking on certain types of links may, with just a single click, immediately give direct control of your valuable online accounts to the scammers. For example, recently I have been receiving a lot of fake emails purporting to be from Google claiming I got a copyright strike, or won an award, or have invalid traffic. Actually, this one wasn’t asking me to click; it just asked me to reply and give my password.
Well, there were more emails which claimed there’s been unusual activity on my account, or there’s been a change to terms and conditions, or a complaint about spam articles on this website, or invalid click activity on adverts, or an article has been flagged as inappropriate. None of these claims are true, none of these emails are genuine, and every single one of them is trying to take control of my website.
They are doing this to make a quick buck by hijacking my readers and posting their garbage phishing articles and links here in your faces, or by using my accounts to farm likes and views for profit on other accounts they’ve already stolen. The scammers are using session hijacking and similar exploits, which means that if I click just once on the button and it opens a browser where I’m already logged into Google, it grants the scammers access to and control of my account, bypassing two-factor authentication or any other security measures. One click on that link and GraspHack is toast.
Scary? Sometimes it’s good to be scared, if it makes you careful.
People suggest that you just hover over the link, or copy it into a browser or Notepad, to figure out where it goes and whether it’s safe to click.
No! I am sorry to say it, but that is terrible advice, for at least three reasons.
- When you look at the URL target of some of these phishing links, you may see a domain that looks pretty plausible. These ones just go to Google, which, if you didn’t know better, would seem legit. Other phishing emails in the past have managed to hijack pages on LinkedIn, Microsoft, TechNet Windows, Azure, and probably other domains that you might consider reputable and trustworthy. So examining the link may lead you to the wrong conclusion about it.
- Hovering over or copying the links runs the slight risk of accidentally clicking one, which, as I described earlier, can be a big problem when there are exploits where a single click can do damage.
- There’s just no real need to hover over or copy the URL. You can decide not to click on it without doing that. What are you expecting to see anyway?
The best advice I can give you is just don’t click on links in emails. Don’t do it. Don’t open attachments, don’t click on links, don’t be provoked by claims of urgency in the email, and do not click on links without thinking really hard about it. Distrust by default. Of course, there are still some genuine cases where you might need to click on a link, but these exceptions should not lull you into thinking that clicking links is generally safe. It’s not. If, for example, you’ve just reset your password on an online service, you might get an email with a link as part of the confirmation loop, but you need to be careful, be suspicious, and start with the default assumption that all email attachments are malware and all links are malicious. Before you click, think long and hard about why, this time, this one link maybe really does deserve your click. The vast majority of the time it does not, and you should not click. In simple words: be aware, be cautious…
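For whoever runs the mail filter rather than the inbox, two of the points above (links that carry a per-recipient identifier, and reputable-looking domains that simply forward elsewhere) can be checked from the raw message text without anything being clicked or fetched. This is an added example, not code from the original article; `triage_link`, the list of parameter names and the sample links are all constructed assumptions.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names commonly used to carry a forwarding destination (assumed list).
REDIRECT_KEYS = {"url", "u", "q", "next", "target", "dest", "redirect", "continue"}
TOKEN_RE = re.compile(r"[A-Za-z0-9_=-]{24,}")

def _decodings(value):
    """Yield the value as-is and, when it is valid base64 text, decoded."""
    yield value
    try:
        padded = value + "=" * (-len(value) % 4)
        yield base64.urlsafe_b64decode(padded).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        pass

def triage_link(url, recipient):
    """Describe what a link from a raw message reveals, without fetching it."""
    parts = urlsplit(url)
    fields = parse_qsl(parts.query, keep_blank_values=True)
    fields += [("path", seg) for seg in parts.path.split("/") if seg]
    findings = []
    for key, value in fields:
        if any(recipient.lower() in text.lower() for text in _decodings(value)):
            findings.append(f"recipient address embedded in '{key}'")
        elif TOKEN_RE.fullmatch(value):
            findings.append(f"opaque token in '{key}' (possible per-recipient ID)")
        if key.lower() in REDIRECT_KEYS:
            dest = urlsplit(value).hostname
            if dest and dest != parts.hostname:
                findings.append(f"'{key}' forwards from {parts.hostname} to {dest}")
    return findings

# Constructed sample links; none of these come from the article.
RECIPIENT = "alice@example.com"
UID = base64.urlsafe_b64encode(RECIPIENT.encode()).decode()
SAMPLES = [
    f"https://mailer.example.net/c?uid={UID}&campaign=7",
    "https://t.example.net/r/9f8e7d6c5b4a39281706f5e4d3c2b1a0",
    "https://www.example.org/url?q=https://login.example.test/verify&sa=D",
    "https://www.example.org/help/reset",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage_link(link, RECIPIENT) or "nothing flagged")
```

A link that comes back with nothing flagged is not thereby safe; the check only shows why the visible domain and a clean-looking URL say so little.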