I clicked on a link in a spam text: now what?

Man surrounded by spam text bubbles patting head
Apr 24, 2024
10 min read

If you own a smartphone or computer, you likely are familiar with spam messages. “Spam” refers to unsolicited messages sent in bulk, most often via email or text messages. While spam can be very annoying, it can also be dangerous. Scammers often send messages to people in an attempt to trick them into falling for phishing attacks.

The annual global cost of cybercrime is now nearly $8 trillion, and 80% of reported cyber crimes are phishing attacks. In a phishing attack, criminals impersonate trusted people, businesses, and other sources in an effort to trick victims into sharing important data. The target is usually personal and/or financial information. Just as a fisherman uses bait on a hook to catch a fish, scammers try to trick you into giving them access to your personal data by offering appealing bait.   

In a typical phishing scam, a hacker will send a seemingly legitimate message with a phishing link asking the recipient to provide login information, to download information, or to perform some other vulnerable action. If the phishing target falls for the scam and enters their information or downloads content from the link, the hacker can gain unauthorized access to the victim’s account, steal their personal data, or install malware on their device.

While most people would never hand over their personal information to a total stranger, they might be persuaded to do so by a carefully worded message and an easy-to-click phishing link. If you think you’ve accidentally clicked on a phishing link or have installed malware, don’t panic. Here are some steps you can take to keep your information safe.

Never enter passwords or personal information

The best way to avoid phishing scams is to never give out passwords, login data, or personal information in the first place. Unfortunately, phishing scams can look incredibly convincing. Whenever you’re prompted to enter login information on a web page, especially if you’ve navigated there via a message link, slow down. Always take a moment to stop and analyze the situation first.

  • Look for the browser's security icon. A secure site should have an icon next to the URL. This means the site uses SSL encryption, a high level of security, to protect your data. If this icon is missing, it could be a fraudulent website. However, the lock icon does not mean that the connection can always be trusted as cybercriminals use SSL connections these days as well.

  • Double check the address. Phishing scammers often use a web address for a phishing site that is very similar to a legitimate web address. The differences are often very small. But there are differences, if you look closely. For instance, might be changed to Make sure the address bar features the accurate website name.

  • Scan for misspellings. Phishing emails or phishing duplicate sites often feature errors you would never see on legitimate websites or company emails. Read carefully. Check for misspellings, errors, and typos, as they are often a warning sign that the site is run by scammers.

Read more: Is this webshop safe? 4 easy ways to check website safety

Reset your password

Once you’ve entered your login information on a malicious website, access to your real online account is put at risk. If you also reuse your passwords to login to different online accounts (as 68% of people do) these other online accounts are at risk of being accessed as well. If you fall for a scam, you should immediately reset the password and login information for the affected account, and do the same for any other accounts linked to the compromised profile or that use the same password. Also, make sure each account has a unique, strong password.

Tip: You can create passwords for free with F‑Secure Strong Password Generator.

Scan your system for malware

Robust antivirus software like F‑Secure Total can detect and remediate malware that you may have inadvertently downloaded on your device during a phishing attack. Once you install security on your device, you can perform a quick scan of your system in order to identify and remove any viruses. 

Update your phone’s operating system. 

The most recent version of a device’s operating system offers critical protection and upgraded security against threats. When you receive the notice of a new OS version, be sure to update your software immediately. It will give your device access to patches and fixes for any new security vulnerabilities. If you ever are the victim of an attack, in addition to locking down your sensitive information and removing any malware, you should also download the latest software security updates to protect against future security risks.

Financial security

Phishing attacks alone cost U.S. consumers $52 million in 2022. 


If you’re the victim of a phishing attack that affects banking information, personal data, or major account access, immediately take action to secure your finances. If the phishing attack impacts an account linked to a bank debit card or credit card, contact your financial institution. Banks can assist you with monitoring and securing your accounts and issue replacement credit cards, so your finances stay safe.


If you're concerned that scammers may be able to commit identity theft by taking your Social Security number and other personal information, you can contact the major credit score companies and request a lock on your credit. This can stop the cyber criminals from opening new lines of credit under your name. You have the option of unlocking your credit in the future. When you do, it is a good idea to actively monitor your credit report for any changes.

Types of phishing scams 

There are a variety of types of phishing scams. In all of them, scammers manipulate or deceive victims so they can control computer systems and/or steal personal and financial information.  

  • Spear phishing scammers target specific organizations or groups of people, pretending to be a familiar contact. Typically, they’ll send a fake work email from HR or IT requesting information. The scammers usually know just enough information about their targets to make the attack convincing and the threat particularly dangerous.

  • Whaling attacks often target wealthy individuals or prominent business leaders. For example, a whaling attack may begin with an urgent request from someone claiming to be the CEO. The message will expect immediate action, urging the targeted executive to click on a link or to divulge critical information. While spam filters usually catch illegitimate addresses and flag them as junk mail, scammers can mimic an organization’s address and slip through the cracks. 

  • Smishing is another term for text message (SMS) or other messaging phishing scams. These attacks are common. They don’t necessarily require any previous knowledge of the victim. If you receive requests or offers from unexpected or unwanted text messages, it is best to ignore and delete them. 

  • Vishing scammers use phone calls and voice messages to deliver what appear to be legitimate, “important information” to their targets. They depend on the power of a human voice to convince people to respond and give out personal information. If the voice isn’t someone you know or trust, don’t respond.

  • Pretexting scammers often pose as friends or colleagues appealing to your generosity and empathy. Many times, they’ll share an elaborate story that ends with a request for a favor––that you send personal data or download a file in order to help them. Be alert to such scams; they tend to come at you fast and appeal to your sympathies. This makes them particularly dangerous.

  • Angler phishing takes place on social media. And it can be very convincing. Here’s how it works: When a user posts about a negative experience with a product or brand, a scammer account disguised as a legitimate company responds, apologizes for the negative experience, and sends the user a phishing link or a direct message requesting more information.  

  • SEO Poisoning scammers use search engine optimization (SEO) or paid advertising to earn high search results rankings for their phishing websites. Watch out for seemingly legitimate websites on the first page of search results. It’s tempting to trust them, which is just what the cyber criminals are hoping you’ll do. 

How F‑Secure can help

Advanced online protection is one of the best ways to keep your important digital information safe from risks now and into the future. With F‑Secure Total, you can keep your privacy and your personal data secure with a single solution that automatically scans all the sites you visit and links you click, and blocks scams before they can do you harm. F‑Secure Total also protects all your devices against viruses and shields your identity and finances against theft and fraud. Learn more about how F‑Secure Total keeps your online life secure.


Clicking a phishing link in a spam text message can open your phone to security threats. If you don’t enter any information or accept any downloads, your data may be safe. On the other hand, it’s possible that suspicious files and malware were downloaded to your device through that malicious link. To be safe, download a trusted security solution that can scan your device for malware and block scams before they do harm.

Phishing attacks have grown increasingly sophisticated over the past few years. So, it can be very difficult to discern a real message from a fake. If you do happen to click on a link, follow the steps covered above to lock down your phone and secure your important information. These steps should include disconnecting from the internet and using an antivirus program to find and delete any malware.

If you click a phishing link sent via a spam or scam text message and share your personal information or account credentials your information could be at risk. As an immediate step, always change the password associated with the account credentials compromised by a scam. You can also download a trusted security solution that offers advanced phishing and scam protection that will monitor your data, alert you of risks, and provide you with identity theft assistance and coverage. 

If you clicked on a link by accident but didn’t enter any login details or information, it is possible that no harm was done. However, it’s still important to follow safety precautions. Phishing threats are constantly evolving. Some viruses only require a link click to affect your device. If you’re the victim of one, be ready with security countermeasures to remove malware. That will protect damage to your device and your data.


total app on different devices

Stay safe against online scams and threats with F‑Secure Total

F-Secure Total protects you from costly online scams in many ways, and helps you protect your devices.

  • Safe browsing, shopping and banking online

  • Prevent identity theft and avoid online scams

  • Antivirus, VPN and password manager in one app

Read more about Total