I clicked a suspicious link but didn't enter anything — am I safe?
In most cases you are fine, but some pages can attempt drive-by exploits or track your device; checking your device and changing passwords on any site that was open is a sensible precaution.
Last reviewed: 10 June 2026
Explanation
The vast majority of phishing links lead to fake login pages that only become dangerous when you submit your credentials. If you landed on the page, saw it looked wrong, and closed it without entering any information, your data is very likely intact.
That said, a small number of malicious pages attempt 'drive-by' attacks that exploit vulnerabilities in your browser or operating system to run code without any user interaction beyond the page loading. These are far more common in targeted attacks than mass phishing, and they are largely mitigated by keeping your browser and OS fully up to date.
Clicking a link also tells the sender that your device is real and your number or email is active — a piece of intelligence that may lead to more targeted follow-up messages. Your IP address and basic browser fingerprint may also be logged.
If your phone or computer was on a reputable browser with auto-updates enabled and you didn't enter anything, the risk is low. Run a quick malware scan to be thorough, and if you had any accounts open in other tabs, changing those passwords is a reasonable belt-and-braces step.
Common red flags
- The page asked for login details, payment information, or a verification code
- A file began downloading automatically when the page loaded
- Your browser showed a security warning before you reached the page
- The URL in the address bar was clearly not the legitimate site
- Your device behaved unusually after visiting the page
- You received a follow-up text or email very quickly after clicking
What to do now
- Close the page if it is still open and do not return to it
- Run a malware scan on your device as a precaution
- If a file downloaded automatically, do not open it — delete it immediately
- Change passwords for any accounts you were logged into on the same browser session
- Update your browser and operating system if you haven't recently
- Block the sender's number or email address
- Report the link to your national cybercrime centre or forward phishing emails to the relevant authority
Frequently asked questions
Can clicking a link on an iPhone or Android infect my device without me doing anything else?
It is possible but rare, and mainly a risk on unpatched devices. Keep your OS and browser updated — patches close the vast majority of known exploit windows.
The link opened in my email app, not a browser — does that change my risk?
Email clients often have built-in link preview or WebView components. The same update-and-scan advice applies; risk is still low if you didn't interact further with the content.