First off, why did the IT consultant have someone else's password? Why did he give it out? Sounds like they need to stop using a consultant that can fall for a stupid social engineering trick.

For you I'd have to say job well done.