Hey Pokkit,
I manage a bakery and I think I may have clicked on a dodgy email this morning. It looked like it was from our oven service company asking me to confirm maintenance details. I entered some basic info before I realised the page looked off. What should I do?
Hi! You did the right thing by asking straight away.
If that email or page looked suspicious, the safest thing is to treat it like phishing.
Please do these now:
- Stop using that link or page.
- Disconnect the affected device from Wi-Fi if you can.
- Change the password for the email account involved from a different, trusted device.
- If you use the same password anywhere else, change those too.
- Let your manager or IT support know right away.
If you want, send me the wording of the email or tell me exactly what information you entered, and I’ll help you think it through calmly.
Thanks. I’m Sarah, store manager at the bakery. I clicked the link on my work laptop and typed in my work email address and password. I haven’t changed anything yet because I panicked a bit.
You’re okay, Sarah — take a breath. We’ll keep this simple.
Because you entered your work email and password, please act on this as quickly as you can:
- On a different device, change your work email password now.
- If your email has multi-factor authentication, make sure it’s still enabled.
- Check whether any password reset or login alerts have arrived.
- Tell your team internally that a phishing email may be circulating, so nobody else clicks it.
- Make a note of the time you clicked and what happened after.
Don’t blame yourself — these messages are made to look routine, especially when they match real supplier conversations.
That helps. I’ve changed my password from my phone and told the owner. I still have the email open on my laptop. Should I forward it to anyone or just delete it?
Good job, Sarah — that was exactly the right move.
If your workplace has an internal process for suspicious emails, follow that first. If not, a sensible approach is:
- Take note of the sender address and any link shown in the message.
- Do not click anything in it again.
- Share the details safely with the person handling IT or security at your bakery.
- Once it’s been recorded, move it out of the inbox or delete it.
It’s also worth checking whether any unusual sent emails, mailbox rules, or sign-in alerts appear in your account. If anything looks unfamiliar, report that straight away too.
Understood. I’ve warned the assistant manager too. I feel silly because the email matched a real maintenance visit we’ve got coming up next week.
Please don’t feel silly at all. That’s exactly why phishing works — it borrows normal, everyday tasks and catches people when they’re busy.
You spotted it, you acted, and you’ve warned others. That’s a strong response.
For today, I’d just keep an eye on:
- unexpected login prompts
- password reset emails you didn’t request
- messages sent from your account that you didn’t write
- anyone else receiving the same supplier email
If you’d like, I can also help you draft a short warning message for your staff WhatsApp group or email.
Yes please, a short message I can send to staff would be great.
Of course! Here’s a simple one you can send:
Staff notice:
Please be careful with any emails about equipment servicing or maintenance visits. We’ve identified a suspicious message that looked genuine. If you receive anything asking you to click a link or confirm details, do not click it. Please forward it to management first so we can check it safely. If you’ve already interacted with one of these emails, let me know straight away.
If you want, I can make that sound more formal or more friendly for your team.
