Accidentally Clicked a Malicious Link?
Here’s What to Do Immediately
If you've clicked on a malicious link by accident, don't panic. Thanks to the work of hundreds of engineers, your most likely safe. Here's why:
What are the actual risks?
Your browser contains built-in protections that prevent any website from interacting outside of its so-called sandbox. This means that even if you click a malicious link, the damage is usually contained within that browser session and cleared when you close the page. Some companies may exaggerate the danger, but for most users the risk remains limited.
The only time you should be concerned is if you're such a high value target that nation state threat actors would try to hack you. However, if you're just a normal person, then it's very likely that you are safe. It doesn't make sense for someone to develop an exploit like this (which could be sold for millions of dollars) and use it on a random person, like you.
Are there any steps I should take?
Yes! The fact that the malicious link wasn't blocked is in itself something concerning, plus there are also a lot of actually quite easy steps you can take to prevent something like this in the future.
To report the link so that it gets blocked:
- Open your browser history (usually by pressing CTRL+H on desktop) and copy the URL of the suspicious link.
- Go to VirusTotal and submit the link. This will tell you which security products have already flagged it.
- VirusTotal will give you 60+ security product results. Don't be intimidated by the number, you only have to report it to a few providers and they'll take care of it.
- If you do not want to report it to every service yourself, report it to us by visiting the URL report form and we will review it promptly.
To protect yourself:
- Enable Google's Enhanced Safebrowsing in your account. In Chrome, it enables built-in real-time threat detection to prevent phishing and automatically contributes anonymized data to improve protection for everyone else using Google products.
- Download the PhishIndex browser extension. It will protect you against sophisticated threats like IDN Homograph and Self-XSS attacks.
- For more technical users: Quad9's DNS service uses several threat intelligence feeds to filter out malicious links at the network level. This is highly effective at stopping malicious links, and Quad9 does not noticeably slow down your browsing speed while respecting user privacy. Visit Quad9's website for setup instructions.
- If you encounter a suspicious file or a link and want to check if it's safe, one of the best tools to do that is VirusTotal. They check submitted files/links against 60+ antivirus products and are able to give fast and accurate results to determine the legitimacy of a file/link in less than a minute. Just make sure not to submit any personal files/links as VirusTotal shares most submissions with the security community. Upload a file by clicking here.