I accidentally clicked on phishing link but did not enter details. Am I at risk? What should I do now?
I clicked a link from a fake Twitch streamer and now I'm scared of being spied on. I typed my account details but didn't actually send them because I realized it was a fake link right before clicking enter.
Am I at risk from some sort of malicious program being installed into my PC just by clicking the link? https://secure.runescape.com-l.cz/m=weblogin/loginform.ws769,443,127,150,5 This is the link and I checked on VirusTotal and the result was that it was a phishing/malicious website.
As You have clicked on phishing link but did not enter details, you can -
- UNC paths (stealing hashed passwords - IE only)
- Injecting malicious extension (used for gaining persistence on the victim browser)
- Injecting malicious browser updates (again, for gaining persistence on the victim browser and code execution)
- Browser plugin vulnerabilities (i.e flash, silverlight, java - for code execution)
- Attacking the router (to redirect traffic, open ports etc)
- Attacking LAN systems (exploitation is difficult from the restrictions of browser networking, but port scanning is trivial)
- The same can be done on the local system
Cross-site Request Forgery against vulnerable sites Honestly, there are hundreds of possible things that can happen when you get phished, just by clicking the link. But in reality, the last 5-10 years have been great for the advancement of website/browser/system/equipment security and you probably don't have to worry about the majority of these. So take a deep breath, you are most likely fine