What to do if you click on a phishing link


The bad news: you've just clicked on what might be a phishing link.

The good news: you're not alone, and you're not doomed.

Nearly 1 billion phishing attacks hit inboxes in Q1 2025, and even IT professionals fall for them. The difference between a close call and a costly breach? What you do next.

  1. Document the incident
  2. Disconnect from the network
  3. Don't enter any credentials
  4. Notify your IT team
  5. Scan your device for malware
  6. Change passwords where necessary
  7. Monitor company accounts and systems

Disconnect from the network

If you suspect your device has been compromised, disconnect it from Wi-Fi or wired networks immediately. This helps prevent malware from spreading across company systems.

Do not enter any credentials

If the phishing site asks for login information or payment details, close the browser immediately. Never enter your company or financial credentials.

Notify your IT team

Report the incident to your internal IT department or cybersecurity team straight away. Include details like:

  • The exact URL (if you can access it safely)
  • How you received the link (email, text, social media)
  • What time you clicked it
  • Any information you might have entered

Under GDPR, organisations must report certain personal data breaches to the regulator within 72 hours of becoming aware of them, so prompt internal reporting matters. The UK's National Cyber Security Centre (NCSC) recommends reporting phishing attempts and suspicious emails to report@phishing.gov.uk.


Scan your device for malware

Run a company-approved antivirus or anti-malware scan. Follow the instructions provided by your IT team to ensure no malicious software remains.

Change passwords where necessary

If there’s any chance credentials were exposed, immediately change passwords for affected company accounts. IT may need to enforce a company-wide password reset following password best practices.

Monitor company accounts and systems

Keep an eye on any unusual activity in financial accounts, internal systems, or shared drives. Report anomalies immediately to IT.

Document the incident

Record the time, the link, and the steps you took to address the threat. This helps your security team investigate and prevent future attacks.

Protecting your company’s most vulnerable systems

After clicking a suspicious link at work, certain business systems need immediate attention to prevent widespread damage, such as:

Company email

Check your sent folder immediately. Phishing attacks often use compromised accounts to spread further, and a single compromised mailbox can be used to send convincing phishing to the entire organisation.

Financial systems

UK businesses lost £1.17 billion to fraud in 2024. If you've accessed any financial platforms recently, alert your finance team. They may need to implement additional security measures or freeze certain transactions.

Shared drives

Malware can spread through shared folders. Your IT team may need to isolate affected areas to prevent infection spreading.

Caught, but not hooked

Clicking a phishing link isn’t the end of the world – it’s what you do next that matters. Acting quickly, reporting to your IT team, and securing your accounts can turn a potential disaster into just a learning moment.

Want to give your people the skills to recognise phishing scams before they turn into breaches? Check out CyberSmart Learn, our cybersecurity focused learning management system.

Frequently asked questions

  • The same principles apply: disconnect from networks, don't enter information, and contact IT. Smishing often targets banking credentials, so pay special attention to financial accounts.

  • On mobile devices and tablets, use Airplane mode for quick disconnection and check app permissions for suspicious additions. Be aware that mobile browsers often hide full URLs, making phishing sites harder to spot.

  • Don't open it. Note the file name and location, then run a full system scan. Your IT team may want to analyse the file in a safe environment.

  • Continue monitoring for at least 30 days. Some attacks lie dormant before activating, and criminals may wait before using stolen credentials.

  • Yes. Transparency helps protect your organisation. Most companies prefer honest reporting over hidden incidents that could escalate.

  • Spam is unwanted email, often selling products. Phishing specifically aims to steal information or install malware.