What to Do If You Clicked a Phishing or Scam Link
Scammers target people with email or text messages and phone calls to deceive them into revealing personal or financial information like passwords, social security numbers or credit card details. Scams and phishing attempts are also conducted via websites and social media posts. These phishing and scam attacks are getting very sophisticated, and many users unknowingly click a bad link. In this article, we will explain what you should do after clicking a bad link. If you are in this situation, you probably have a lot of questions:
- Am I at risk?
- Should I change my password?
- Is my iPhone infected with a virus or malware?
We will cover all of these questions. I should note that our focus is on iPhone and iPad users.
Do not ignore the warnings
You will probably get caution or warning messages before anything gets dangerous or concerning. It is best to pay attention to these warnings. For example, Safari will warn if the website is questionable or dangerous. If you see this warning, do not visit the website.
Furthermore, the phishing or scam links you clicked may prompt you to install an app, VPN profile, configuration profile, or something similar. These do not get installed without asking your permission first. Do not proceed with installations.
A common scam is to get you to accept spam Calendar subscriptions. Do not subscribe to these. Again, you will be asked if you want to subscribe. Do not worry if you subscribed to some Calendar spam; you can delete it easily. You should first report it as junk. In Calendar, open the event, and then select Report Junk. Then delete it. To do this, open the Calendar app and tap the spam Calendar event, then tap Unsubscribe from this Calendar. You can learn more about how to stop iCloud Calendar spam.
Check if the email or message matches the company it is supposed to be from. For example, the message below is supposed to be from Apple, but the link does not belong to Apple. The message says to click a URL at apple.id. This does not belong to Apple. Apple’s URL is apple.com.
If you click this, you will be taken to a page that says Sign-In Required. As you pay attention closely, the page looks like iCloud, but the URL is not icloud.com. (The URL contains icloud.com, but the web domain is the later part, updates-log.info. They created a subdomain named icloud.com to try to fool you.) This is a phishing attempt for your Apple ID. They are trying to get your Apple ID password.
Lastly, if it is too good to be true, it is not true. A king from Africa won’t give his fortune to you, and you did not win a prize. Most of these scams try to get you to call a number to claim your prize. Do not call the number. It is a scam. They are trying to steal money from you instead of giving you free gifts.
Are you at risk if you opened a phishing or scam link?
This depends on how much interaction you did with the link. If all you did was open a link, then you do not need to worry. Your iPhone or iPad cannot get a virus or malware from a website, text or email message. Your iPhone or iPad is not compromised or hacked in any way. So, you do not need to reset your iPhone or iPad to the factory defaults. You do not need to scan for malware, as there is no scan like this. Please note that these are correct if your device is not jailbroken. If you have a jailbroken iPhone, your risks are much greater. You should ensure that your device is up to date (Settings > General > Software Update).
If you did a little bit more than just opening the link, there are two possible scenarios after opening the link, depending on the attack.
Did you give out your info?
The first scenario depends on whether you gave away any personal information. Most phishing attacks impersonate a legitimate organization or company. For example, you may have landed on a webpage that looks exactly like apple.com, and it urged you to enter your Apple ID credentials, like the example I provided above. Did you fill out any forms or enter any details? If you gave away details, do the following:
- Change your credentials. For example, if you gave out your Apple ID password, change it.
- If you received the link via Messages, block the number, then delete the text message and report it as junk. To report junk, simply delete the thread and select the Delete and Report Junk option.
- If you received the link via email, block the email address and then move the email to Junk. With your inbox open and the email preview visible, swipe left until options appear. Tap on More, then scroll down, then tap on Block Sender. Swipe left again, tap on More, then tap Move to Junk.
- You may also want to delete your browser’s data, cookies and history. Go to Settings > Safari, and tap Clear History and Website Data to do this.
Did you subscribe to a calendar, install a profile or download an app?
The second scenario is that you may have subscribed to a spam Calendar, installed a configuration profile or downloaded an app. These are all easy to address. Simply unsubscribe from the spam Calendar and delete it. Uninstall the app you downloaded unknowingly and then go to Settings > General and look below the VPN & Device Management section. If you see anything suspicious, remove it.