The proxy the link is connected to may be adware or clickbait. This leads us to a site we do not want, advertisements, etc. can direct for a purpose. This is the most innocent thing that can happen to us. The network to which our computer is connected may be infected with a worm, or malicious software such as trojans and viruses may be installed on our IT system.

This software may consume resources such as CPU, RAM and memory in our system in accordance with its coding purpose. It can provide a backdoor to our system, capture the passwords we have saved, or make our network part of a botnet.

In this last scenario, the cyber criminal can use our information system as a tool in future cyber crimes. In other words, a cyber attack or cybercrime may appear to originate from your system's IP or MAC address.

For example, if you click on a link promising to receive a gift certificate and do not receive such a profit, you can assume that the link has a malicious purpose.

In addition, if the link takes you to pages you do not want, opens more than one page, makes unintentional installations to your computer/system after clicking, opens pop-up windows that prompt you to take a certain action, this indicates that it is not malicious software.

There will also be long-term effects. Such as decrease in the performance of your computer, loading of files that you have not noticed before, changing file names and locations.

Personal information such as name, surname and date of birth may constitute details of social engineering attacks that may be organized against you later.

Again, access passwords to different platforms can open the door to identity theft, which we call identity theft. Theft of access passwords to access online services of financial institutions will cause you to suffer direct financial losses.

• First of all, we should immediately close the opened pages and ignore the descriptions and directions in the pop-up windows.


• We must immediately disconnect the relevant information system from the internet network.


• If necessary, we should also separate other critical devices connected to the same network from the network.


• We must renew the access passwords that allow us to connect to the internet network (WAN, VLAN, etc.).


• We can obtain the latest logs from the control panel of the router that provides internet access and save them considering every possibility.


• These logs are important to prove that we are not the perpetrators if our system has been involved in a crime.


• If there is a suspicion that a crime has been committed with the system we click on, or if the system may be subject to any administrative, judicial or criminal investigation, we should not close the system in order to obtain evidence from the system using digital forensic analysis method.


• We must keep the system connected to the power supply.


• If we suspect that a crime has been committed through the system we click on, we should forward the matter to the relevant authorities such as the cyber crimes bureau and the prosecutor's office.


• If we clicked on a link from a device belonging to the company we work for, we must report the issue to the company's information security team without hesitation.


• We should store our sensitive or important data stored in the system on an external disk, taking into account all possibilities.


• We can preferably delete data that is not necessary to remain in the system.


• The relevant information system should be scanned with an up-to-date antivirus program. We should also apply this process to the external disk where we store the data, just in case.


• We must log out of e-mail accounts, social media accounts or communication applications that are open on our computer or to which we have given the "trust this computer" command (Single-sign-on).


• We must change the access passwords on these accounts from another trusted system and activate multi-factor authentication (MFA).


• We must deactivate password storage applications such as keepass and password safe on our computer and change the access passwords to these applications from a secure device.