Account safety

What to Do If You Gave a Fake Recruiter Your Password

Updated June 12, 2026

If you entered a password into a fake job portal, fake onboarding page, fake assessment website, or link sent by a suspicious recruiter, act quickly. Do not panic, but do not wait. A stolen password can give scammers access to your email, job board accounts, LinkedIn, banking alerts, cloud files, or other accounts if you reused it.

Your priority is to change the password, secure related accounts, turn on two-factor authentication, and watch for follow-up scams. The faster you act, the more control you keep.

Quick Answer

• Change the password immediately.
• Change it anywhere else you reused it.
• Turn on two-factor authentication.
• Check email, LinkedIn, job boards, and bank accounts for suspicious activity.
• Watch for password reset emails or login alerts.
• Use unique passwords going forward.
• Save evidence of the scam.

Step 1: Change That Password Immediately

Go directly to the real website or app for the account. Do not use the link from the recruiter. Type the address yourself or use a saved bookmark. Change the password to something new, long, and unique.

If you cannot log in, use the official account recovery process. Check whether the recovery email, phone number, or security questions were changed. If they were, the account may already be compromised.

After changing the password, sign out of other sessions if the site offers that option. Many services let you view logged-in devices or active sessions. Remove anything you do not recognize.

Step 2: Change the Password Anywhere Else You Reused It

Password reuse is the biggest danger. If you used the same password for email, LinkedIn, Indeed, banking, school, work, cloud storage, or social media, change those passwords too. Scammers often try the same email and password combination on multiple sites.

Your email account is especially important. If a scammer controls your email, they may reset passwords on other accounts. Change your email password first if it was reused, then secure job sites and financial accounts.

Use different passwords for every important account. A password manager can help, but even without one, the rule is simple: do not let one stolen password unlock several parts of your life.

Step 3: Turn On Two-Factor Authentication

Two-factor authentication, also called 2FA, adds another step when someone tries to log in. It is not perfect, but it can stop many account takeover attempts if your password was stolen.

Use an authenticator app when available. Text message codes are better than nothing, but scammers may also try to trick people into sharing codes. Never send a verification code to a recruiter, employer, support agent, or stranger.

Step 4: Check Email, LinkedIn, Job Boards, and Bank Accounts

Look for login alerts, password reset emails, new forwarding rules, changed recovery options, sent messages you did not write, or new devices. In email settings, check whether messages are being forwarded to an unfamiliar address.

On LinkedIn and job boards, check your profile, messages, applications, resume files, and saved contact information. A scammer may use your account to message other people or collect more personal information.

If you reused the password on banking or payment apps, contact the provider and monitor transactions. If you see anything suspicious, report it immediately.

Step 5: Watch for Follow-Up Scam Attempts

After you respond to a fake recruiter, you may receive more messages. Scammers may pretend to be account support, fraud recovery agents, police, lawyers, or another recruiter. Be careful with anyone who says they can recover money or fix the problem for a fee.

Also watch for new password reset emails. If you receive a code you did not request, do not share it. Change the password again if needed.

Step 6: Save Evidence and Report the Scam

Save screenshots of the recruiter message, fake portal, website address, email address, phone number, username, and any forms you filled out. If you sent money, save transaction details.

Use the Report a Scam page for official reporting options. If you also sent your SSN, ID, or bank details, read what information not to send recruiters too early and consider identity theft protection steps.

How to Avoid This Next Time

Do not log in through links sent by unknown recruiters. Verify the company website yourself. Be cautious with job portals that appear only after a text message or Telegram chat. A real employer should be able to provide an official job posting and company email address.

Before entering information, use the Fake Job Offer Checker or read how to verify a recruiter email.

FAQ About Fake Recruiters and Passwords

Should I change my password if I only clicked the link?

If you only clicked and did not enter information, the risk is lower. Still, close the page, avoid downloads, and watch for suspicious account alerts. Change your password if you typed it anywhere on the page.

What if I used the same password on other websites?

Change it everywhere you reused it. Start with email, banking, job boards, LinkedIn, cloud storage, and any account that can reset other passwords.

Should I contact my bank?

Contact your bank if the password was reused on financial accounts, if you entered bank information, or if you notice suspicious transactions. It is better to ask early than wait.

Can a fake recruiter steal my identity with a password?

A password alone may not be enough for identity theft, but it can help scammers access accounts that contain personal documents, resumes, addresses, tax forms, or private messages.

Is changing the password enough?

Changing the password is the first step, not the only step. Also enable two-factor authentication, sign out of unknown sessions, check recovery settings, and monitor for follow-up scams.