Quick answer
If you clicked a suspicious link but did not enter any personal details, your risk is low — most harm comes from entering information. If you did enter details, act immediately: change any passwords, contact your bank if financial information was shared, and report to Action Fraud at actionfraud.police.uk.
Clicking a suspicious link is one of the most common mistakes made online. It's not a sign of carelessness — scam messages are deliberately designed to look legitimate, create urgency, and trigger a click before you have time to think. If you've clicked one, you're in good company.
The most important thing to know immediately: clicking a link alone is usually not enough to cause serious harm. The danger comes from what happens after the click — entering your details on a fake site, downloading a file, or installing an app. If you clicked but didn't do any of those things, your situation is probably better than you think.
Step one: stop and assess
Before doing anything else, close the page if it's still open. Don't enter any information. Don't click any further buttons. Don't download anything the page suggests.
Then ask yourself three questions:
- Did I enter any personal information — name, address, date of birth, National Insurance number?
- Did I enter any financial information — card number, bank account details, login credentials?
- Did I download any file or install any app after clicking?
Your next steps depend on which of these apply.
If you clicked but did not enter any details
Your risk is relatively low. Simply visiting a webpage doesn't usually result in malware installation on modern devices. However, it's worth checking a couple of things.
Look at your downloads folder — some fake pages automatically trigger a file download. If you see anything you don't recognise, don't open it. Delete it and run a security scan using your device's built-in security tools or a reputable antivirus app.
Keep an eye on your accounts over the next few days for anything unusual, but don't be too alarmed. You've done the hard part by stopping before entering any details.
If you entered personal information
Act quickly, but don't panic. The information may not have been used yet, and acting fast significantly reduces the risk of harm.
- If you provided your name, address, and date of birth: monitor your credit file for any new applications you didn't make. You can check for free with Experian, Equifax, or TransUnion.
- If you provided your National Insurance number: report it to HMRC and consider adding a notice of correction to your credit file
- If you provided your email address and password: change that password immediately, on a different device. Also change it on any other site where you use the same password.
- If you provided login details to a financial account: log in immediately (from a different device if possible) and change your password. Enable two-factor authentication if you haven't already.
If you entered card or bank details
Call your bank immediately
- Call the number on the back of your card — not a number from the suspicious message
- Tell them you entered your card details on a website that may have been fraudulent
- Ask them to block your card and issue a new one
- Ask them to monitor your account for unusual activity
- Check your recent transactions and report anything you don't recognise
- Report to Action Fraud at actionfraud.police.uk or 0300 123 2040
UK banks have strong fraud protection in place. If unauthorised transactions do appear, you have rights to a refund in most cases under the Payment Services Regulations. The sooner you report, the stronger your position.
If you downloaded a file or installed an app
This is the scenario requiring the most immediate action. Malicious files can give attackers remote access to your device, log your keystrokes, or access your accounts.
Disconnect from your Wi-Fi or mobile data immediately if you're concerned. Run a full security scan. If you're using a work device, tell your IT team immediately — don't wait. On a personal device, consider a factory reset if the scan finds anything suspicious.
Report what happened
Reporting helps protect others from the same message. Even if nothing went wrong for you, reporting the link takes it out of circulation for the next person who receives it.
- Email: report@phishing.gov.uk (forward the original email)
- Text: forward to 7726 (free from most UK networks)
- Action Fraud: actionfraud.police.uk or 0300 123 2040
Unsure about a message you received?
Before you click next time, paste the message into Summarly. We'll explain what it appears to say, what looks suspicious, and what to do — before anything happens.
Check a message freeFrequently asked questions
What happens if you click a phishing link?
Clicking alone is usually not enough to cause serious harm on a modern device. The danger is what happens next — entering credentials or payment details on a fake site, or downloading a malicious file. If you clicked but did nothing else, monitor your device but don't panic.
Can my phone get a virus just from clicking a link?
It is possible but uncommon on modern devices with up-to-date software. The more significant risk comes from downloading files or apps the page suggests. Check your downloads folder for anything unexpected and run a security scan if you're concerned.
I entered my bank details. What should I do?
Call your bank immediately on the number on the back of your card — not a number from the message. Ask them to block your card and monitor your account. The sooner you act, the better your position under fraud protection rules.
Do I need to tell anyone?
You should report it to Action Fraud (actionfraud.police.uk) and forward the original message to report@phishing.gov.uk. This helps protect others from the same scam. If a financial account was compromised, your bank needs to know.