If we stored all of the questions that we have ever received and analysed the results, by far the most popular Cybersecurity themed question runs along the lines of this; I clicked a dodgy link. Does this now mean I’ve been hacked/have malware?
If you’re looking for a literal answer based on the limited information offered when simply claiming you “clicked a link”, then it’s this; probably not. But when someone says they “clicked a link”, sometimes they omit vital information such as they then proceeded to, for example, download a file, or enter their login/banking information. Then the answer to the question of “am I in trouble?” changes from probably not to almost certainly.
So let’s dig a little deeper into the question of whether clicking a link really is going to get you into trouble.
Suspicious links can appear in a variety of ways. Over a messaging app. On social media. Or on an email.
Now if a person clicks the link without thinking, before quickly realising that actually they probably should have not done that, and then proceed to close the resulting website down, then it’s unlikely that they’ve compromised their security.
Sponsored Content. Continued below...
That’s because the vast majority of online scams out there rely on a would-be victim doing more than simply clicking the link.
Phishing scams, for example, would need a victim to fill out sensitive information about themselves into a webpage and submit that information for the scam to work. Alternatively most malware scams would need a victim not only click a link but to agree to allow a file to download onto their device. And spammy marketing links would need users to fill out surveys and questionnaires.
So providing a person doesn’t do any of these things after clicking a link, it is unlikely they’re going to find themselves the victim of a scam.
We say unlikely because there are occasions or situations – fortunately quite rare – where clicking a link could be enough to put you at risk.
This is when crooks exploit software vulnerabilities in the programs and apps you use (such as your Internet browser) that have not been fixed – either because the developer has not had a chance to fix the vulnerability (such as a zero-day exploit) or because they won’t fix the vulnerability (the victim is using out-dated software.)
Sponsored Content. Continued below...
In such cases, theoretically simply clicking a link and landing on a website could be enough to, for example, initiate the download of malware. We call these types of attacks drive-by download attacks.
However, these are quite rare, and it is far more common to encounter a scam that requires more than simply clicking a link.
Of course there are many cases when someone says they just “clicked a link” but what they actually mean is they performed actions on the resulting webpage after clicking the link.
If, for example, these actions include entering sensitive information or downloading files or installing extensions, then yes, this could present a serious security threat which may require changing passwords, contacting your bank and/or performing antivirus scans depending on exactly what those subsequent actions were.