When you see a malicious email or link, you may already have your next steps in mind, like deleting it right away, reporting it as spam and even blocking the sender. However, CNET’s latest survey found that some US adults don’t take any action at all. 

It’s easy to comfortably assume that antivirus software and other cybersecurity tools will protect you from malware, but scammers are still finding workarounds to steal our data. In fact, even though many devices have built-in antivirus protection, over half (54%) of US adults with personal laptops have encountered potential malware within the past year. 

Your first step when you notice a possible malware attempt is the most important. Clicking a link out of curiosity can lead to a virus, identity theft or even fraud. However, ignoring it isn’t the best course of action either. 

We can help you navigate these instances. Here are CNET’s latest survey findings and information for how far CNET’s experts say antivirus software can really protect you from phishing headaches and hassles.

Laptop owners have encountered phishing emails the most

My mom just got a new laptop and told me she doesn’t need antivirus protection. She’s not entirely wrong. CNET’s antivirus experts, Moe Long and Attila Tomaschek, say you don’t necessarily need another antivirus program if your device already has built-in antivirus protection — as most computers today do.

Windows 11 includes Microsoft Defender antivirus protection. Mac users have XProtect to check for malware, while the Malware Removal tool catches anything XProtect may have missed. And the Gatekeeper feature stops you from opening apps and software that aren’t trusted. But viruses, phishing and malware attempts are still lurking, as CNET’s study shows.

CNET found that over the past year, US adults who own a laptop have encountered or interacted with phishing emails most often (37%), followed by urgent pop-ups (24%), unusual payment requests (17%), and branded spoofing (17%). 

Cybercriminals are using artificial intelligence to make scams more believable — even through impersonation. And they’re coming up with new tactics much faster than in the 1990s, when we all took our desktops to the Geek Squad for help after a scammer’s successful malware attack. 

But here’s the most important distinction to know: Antivirus software may not be able to help identify phishing and malware attempts that are constantly evolving. It can help prevent malicious software from attacking your device and personal data, so long as that malware is in its database of known threats. But you’ll need to use your best judgment to avoid clicking those suspicious links first. 

88% of US adults took action after seeing potential malware

CNET found that 88% of US adults who own laptops took action after coming across potential malware over the past year. That’s encouraging news for Long and Tomaschek. 

«You don’t really want to mess around with malware, especially the way a lot of modern malware is designed to get your data instead of crashing your computer or something like that,» Long says. 

Here’s a closer look at how laptop owners take action. 

Over half (60%) of US adults either manually deleted the file or closed a website or pop-up, and 35% immediately ran an antivirus or anti-malware scan. However, Long says some of these actions are effective and helpful, while others aren’t. 

If there’s a malicious pop-up, and you close it without clicking a link, you may not have to worry about malware or a virus, Long says. If you download a malicious file, you might be able to delete it before it does any harm. But if you download an executable file, like a software application that infects your device when it’s run, you could actually be installing malware on your computer along with what you think is just an application. 

Some actions are definitely worth taking, like immediately running an antivirus or anti-malware scan after encountering malware (35%), says Long. 

But other actions aren’t, like installing a VPN, which 8% of US laptop owners do, according to CNET. 

Long says that a VPN is a privacy tool, and it has very few security benefits. If you’re using a VPN on a public Wi-Fi network that’s under attack, a VPN can mitigate the risk of the attack reaching your device. But for the most part, VPNs are just another part of your cybersecurity toolkit, but for privacy, not online security, says Tomaschek.

The best course of action if you believe your computer is infected with malware is to perform a factory reset to wipe your hard drive clean, leaving nothing behind from the current state. You’ll also need to make sure you don’t restore from a backup where you had that malware infecting your machine, Long says. Keep in mind that it won’t erase any information that attackers may have retrieved. 

There are other measures you can take to try resolving a potential malware infection without a factory reset. Long recommends disconnecting your device from the internet to prevent it from infecting other devices on your network. Then, try using advanced malware scanners, like Microsoft Defender’s offline scanner, to try to find and resolve any threats. But be careful — infected files could harm other devices if you transfer them.

There’s not a one-size-fits-all solution to dealing with malware, but if you think your device is infected with malware, factory resetting it completely can be a good option, although it’s important to note that even a full factory reset may not be able to remove some malicious software, such as malware that’s embedded in difficult-to-reach locations, such as a rootkit.

If you click a link in a phishing email or pop-up, it’s best to act right away to minimize damage — though that’s not guaranteed. Your device may have malware installed if it isn’t working normally, you’re getting pop-ups or seeing programs that you didn’t install. 

However, the signs of malware or phishing aren’t always clear, so it’s best to use a malware scanner, like Malwarebytes, to see if malicious software was installed on your device. If so, your antivirus program can give you steps to remove it. Afterward, Long advises downloading another malware scanner to double-check and try to make sure the malware is completely removed.

On the other hand, 12% of laptop owners don’t take any action at all, which is concerning.
  
«People may not take action because they may believe it’s a false positive, but you should still verify that it’s not malware, and if it is, you should definitely take action,» Long says. A malware scanner is still a good first step for scanning your computer’s memory, files and programs for viruses.

If you suspect that you’re a victim of a scam, report it on the Federal Trade Commission’s website.

‘Cybersecurity now is a multitool approach’

Antivirus software won’t protect you from a data breach, your data being on the dark web or identity theft. 

«Cybersecurity now is a multitool approach,» Long says. «There are a number of different apps that people will want to have in addition to antivirus protection to make sure that they are staying secure and private.» 

Tomaschek recommends educating yourself about the different types of scams and viruses to stay aware of which ones are on the rise. The Federal Trade Commission has news about the latest scams and lets you report them. 

It’s also important to learn how to identify phishing and malware attempts on both your phone and computer. Look for red flags like misspellings, odd email addresses or links from domains you’ve never seen before. If you’re still unsure, contact the company directly through a different channel. Long also recommends other common internet safety practices, like using strong passwords and downloading software or apps only from verified sources, like Apple’s App Store or an official company website. 

It’s also best to make sure your computer has the latest software update, which may include security upgrades. Next, arm yourself with a wide range of tools for better online security and privacy. It may all sound like a lot, but CNET’s experts have a few recommendations to help narrow down your search for the right cybersecurity tools. Here’s a list: 

Methodology 

All figures, unless otherwise stated, are from YouGov Plc. The total sample size was 2,539 adults, of whom 1,989 own a personal laptop. Fieldwork was undertaken March 18-20, 2026. The survey was carried out online. The figures have been weighted and are representative of all US adults (aged 18-plus).