How would you handle a situation where an executive reports clicking a suspicious link, but your endpoint protection shows no immediate alerts?