On The Edge

What to do if you click on a suspicious link

What should you do if you’ve unintentionally clicked on a link that could cause you to fall victim to an online scam?



By now, most of us are more than familiar with scams like bank-related phishing attempts, fake tech support and investment fraud – the top three most common scams in Singapore. After all, they’ve been highlighted in the news and other media.

But even the most well-informed netizen might still fall for a suspicious link, especially when distracted or tired. According to author and psychologist Maria Konnikova, anybody can be a successful scam target under the right circumstances.

Even if one doesn’t fall for the scam entirely, just clicking on the link could lead to unwanted consequences. In the worst case scenario, losses can occur even without giving away one’s personal details or passwords. Since January this year, over S$7.1 million has been lost in Singapore to tech support scams, in which victims granted scammers remote access to their devices.

So what can you do after you’ve clicked on a link that turns out to be a phishing website, or a suspicious download? There are steps you can take – as long as you act immediately.


If you’ve logged into an Internet banking link that turns out to be a phishing imitation, try to immediately change your password on the legitimate banking app or website. Every second counts in a situation like this, as scammers can siphon out your money in a matter of minutes.

If you’re in the habit of recycling passwords, make sure to change your password everywhere else that you’ve used it. Set up a new, individual password for each app or website. Tools like password managers to help with this. 


If you’ve been duped into installing any apps or programmes, uninstall them immediately.

Next, scan your device with anti-virus software to ensure that the link you’ve clicked on – or the attachment you opened – hasn’t managed to install nasty malware.

Often, scammers may send out e-mails with links that pretend to be for online shopping deals or interesting news articles. These lead to websites which require you to click a download link to view videos or access more content – and thus unwittingly install malware on your device. The malware creates a backdoor that allows scammers to remotely access your computer, collecting passwords, files and information that can be used to steal your money and even your identity.

While you scan your computer, make sure it isn’t connected to the Internet so that scammers can’t access it or infect other devices in your network.


If your banking or credit card information has been handed over to the scammers, notify your bank so that they can take steps to safeguard your money.

This can include freezing your accounts and ensuring that transactions are allowed to be processed only when the customer confirms their legitimacy, or notifying the customers of any significant changes in their banking activities.

The Anti-Scam Command (ASC) of the Singapore Police Force (SPF)’s Commercial Affairs Department works closely with financial institutions on initiatives like Project Frontier, which enables bank accounts to be swiftly frozen if they are suspected to be involved in scammers’ operations. This has helped in the recovery of over S$200 million for scam victims since 2019, and the ASC is now working to bring on board other bank representatives by the third quarter of this year.

After notifying the bank, it’s best to keep an eye on your accounts and credit cards over the next few weeks. Scrutinise even the most minor transactions to ensure everything is accounted for, as scammers may start with small amounts before working their way up to larger ones.


If you’ve lost money to the scammers, file a police report. Even if your money can’t be clawed back, you’ll be alerting the authorities to the presence of a scam – and you might be able to help others in danger of being scammed.

In addition, if the link you clicked on was a fraudulent imitation of a real website or company, let them know so they can warn their customers or clients. You can also report the phishing attempt to the Singapore Computer Emergency Response Team (SingCERT).


Finally, download ScamShield to lower the chances of this from happening again.

Developed by the National Crime Prevention Council (NCPC) and the Government Technology Agency, ScamShield uses artificial intelligence algorithms to filter out SMSes and phone calls that are made and sent by scammers. The AI algorithm catches SMSes that are likely to be spam and filters them into a junk SMS folder while also sending them to the NCPC and SPF to be collated.

ScamShield is also able to compare incoming call phone numbers against a list that is regularly updated by the SPF to determine if the number has previously been used for illegal purposes. If the answer is yes, the call is blocked. To help fight scammers, users can also report scam messages from popular chat apps like WhatsApp, Wechat and Viber using ScamShield’s in-app reporting tool.

Remember, while clicking on the wrong link can happen to anyone, staying calm and taking action can help prevent you from losing it all. It’s also important to be aware of the common scams in Singapore that begin with a click of a link. Here are some tips on how you can verify the links before falling victim to a phishing scam.