Phishing links continue to drive a large share of reported cybercrime. The FBI’s Internet Crime Complaint Center recorded more than 859,000 complaints in its latest annual report, with phishing and spoofing among the most common categories.
Many of these incidents begin with a link embedded in an email or text message. The link directs you to a site designed to harvest login credentials or personal information. Some of these pass through multiple domains before reaching the final page.
Federal agencies have also warned of campaigns using fake versions of legitimate websites, including government services, to capture personally identifiable information.
What happens next depends on how the link is set up. It may collect credentials, capture submitted information, or open up access that is used later.
What happens after you click
Some links lead to credential harvesting sites. These pages mirror real login portals and record usernames and passwords as they are entered. The information is then transmitted to the attacker in real time.
Other links prompt for additional details. This can include Social Security numbers, banking information, or one-time passcodes sent to your device. Entering these might let attackers access your accounts or bypass verification steps.
In some cases, the link initiates a download. This may install malicious software or tracking scripts on your device, which can log activity, capture keystrokes, or simply maintain access over time.
Just last month, the FBI warned about phishing emails sent to people with active planning and zoning permit applications. The messages included real details like property addresses and application numbers to make them look legitimate. Recipients were then asked to pay fees through wire transfers, peer-to-peer apps, or cryptocurrency.
What to do if you clicked on a phishing link
- Step 1: Stop interacting with the link. Close the page and do not enter any information. Avoid clicking on further links or downloading anything from the site.
- Step 2: Go to the official site directly. If the message referenced an account or service, navigate to it yourself by typing the official URL (for example, going directly to a .gov site). Do not return through the original message.
- Step 3: If you entered credentials, lock down the account. Change your password immediately and check account activity for any unauthorized access. Enable multi-factor authentication where available.
- Step 4: If you shared personal or financial information, monitor and act. Watch for unusual activity tied to that information, including account changes or transactions. Contact the affected service directly if anything appears unfamiliar. If you made a payment, contact your bank or payment provider immediately to report the transaction and attempt to reverse it.
- Step 5: If a file was downloaded, check your device. Run a security scan and remove any unknown files or applications. Some phishing links are designed to install malware or capture activity after the page loads.
- Step 6: Report the incident. File a report with the FBI’s Internet Crime Complaint Center at ic3.gov. Reports help track phishing campaigns and support ongoing investigations. If personal information such as your SSN was shared, you can also file a report at IdentityTheft.gov.
Phishing activity does not always appear right away. Credentials can be reused across accounts, and personal information can show up later in credit activity.
Monitoring helps you catch that early. Instead of waiting for a lender to flag it, you can see new inquiries, accounts, or changes as they happen.
Aura tracks credit across all three major bureaus and scans for exposed personal data, including SSNs, email addresses, and account credentials. It alerts you when new activity is tied to your identity and connects you with fraud resolution support if something needs to be addressed. As a valued AICPA member, get up to 68%* off and a 60-day money-back guarantee** on annual plans.
*Based on standard pricing starting at $13/month for the Individual Plan.
**You may cancel your membership online and request a refund within 60 days of your Aura membership purchase either through your Aura Account Membership portal or by calling us at 1-855-712-0021.