An employee clicked a phishing link. What to do now
Act now. Reset the employee's password immediately, then enable two-factor authentication on their account if it isn't already on. If they entered financial information or SSN, call your bank and credit card company to put a fraud alert on the accounts.
Phishing emails look real but are designed to steal passwords, credit card numbers, or personal information. The employee clicking the link doesn't automatically mean their account is compromised. It depends on what information was entered and whether the attacker got in. Your immediate action is to reset the password, enable two-factor authentication, and check for any account activity. If company data was involved, we need to know so we can check for breaches and lock down systems.
Fix-IT-Bot will walk you through each step — just tap, no typing needed.
Skip — I just want a technicianCommon mistakes to avoid
- Waiting to reset the password. Every minute you wait, the attacker can be in the account. Reset immediately
- Telling the employee to change their own password without resetting it first. Let them know about the reset and two-factor setup
- Not enabling two-factor authentication after resetting the password. This is the step that stops attackers getting back in
- Not checking account activity and forwarding rules. Attackers set up email forwarding to spy on what's happening
Signs you need professional help
- An employee's company email or Microsoft 365 account was compromised. Call IT immediately; you're not sure if the email was phishing or legitimate. Forward it to IT and they'll analyze it; financial or personal information was exposed. Contact your bank, then contact IT to check for company data breaches; or the employee is locked out of their account or can't reset their password.
Book a technician
We can fix most issues remotely in 15 minutes. Weekend appointments — book your slot and we handle the rest.
Was this guide helpful?
Can't fix it yourself?
Most issues are resolved remotely in 15 minutes. Weekend appointments only — no parts, no in-home visit needed.