I’ve been receiving an increasing number of this type of email scam lately so I have to assume that many others are as well. I get emails supposedly from Microsoft to reset my Office 365 password every couple of days and a week doesn’t go by without the same phishing email about my Amazon account as well.

Have you ever received an email from an internet-based service claiming that you’ve requested to change the account password, even though you haven’t? If yes, you are not alone.

One of the oldest (and most used) internet scams in the book is the phishing email: an unsolicited message that looks legitimate and prompts the user to change their password for an online account. Password reset emails are common for recovering social media accounts like Facebook and Instagram or other accounts like your Apple ID, eBay, and Amazon.

Fortunately, there are many ways to recognize fake password reset emails and keep your information secure. Understanding how phishing emails work is the first step to maintaining your email security.

We all need to be aware of the common traits of a “phishing email”:
Generic greetings: Legitimate password reset emails typically address you by your name or account name. Be wary of messages that use greetings such as ‘dear customer’ or ‘dear user’.

Urgency and threats: Scammers use urgency and threats to manipulate recipients into acting fast. If an email claims immediate action is required to prevent dire consequences, it should raise suspicion.

Unusual sender addresses: Always be sure to check the sender’s email carefully. Cybercriminals often use email addresses that resemble legitimate ones but have subtle variations.

Incorrect URL links: Look over all of the links in the email before clicking on them. If the displayed URL seems different from the official website, it is likely a phishing attempt and should be avoided at all costs.

Grammatical errors: Many fake emails contain grammatical errors or awkward language usage. Legitimate organizations won’t send emails that don’t follow a high standard of communication, so spotting typos or mistakes is usually a sign of a malicious email.
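As an added illustration (not part of the original article), here is how three of these traits can be checked automatically: the sender's domain, a generic greeting, and where each link really goes regardless of the text it displays. The trusted domain, the sample message and its `.example` hosts are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def in_domain(host, domains):  # exact match or a subdomain of a listed domain
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_reset_email(raw, trusted):
    """Return the phishing traits found in a raw, single-part HTML email."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender, trusted):
        findings.append(f"sender domain {sender} is not the service's")
    if re.search(r"\bdear\s+(customer|user)\b", body, re.I):
        findings.append("generic greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        real = urlparse(href).hostname or ""
        if not in_domain(real, trusted):
            findings.append(f"link text {text.strip()!r} opens untrusted host {real}")
    return findings

# Constructed sample message; the .example hosts are placeholders.
TRUSTED = {"microsoft.com"}
SAMPLE = """\
From: Account Team <security@micros0ft-support.example>

<p>Dear user,</p><a href="http://reset-portal.example/o365">account.microsoft.com</a>
"""
```

An empty result only means none of these three traits matched; it does not make an unrequested reset email legitimate.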

Using strong and unique passwords for all your accounts and securely storing this data in a trustworthy password management app with two-factor authentication activated will help safeguard your credentials from many security risks.

As far as preventing these types of emails from coming in, the sad truth is you really can’t. Your email address has found its way onto a scammer’s email list, and once that happens it’s literally impossible to have it removed. In fact, the scammer will likely sell that list to other scammers, eventually resulting in an increase in the number of phishing emails you receive.

Bottom line: Never click links in emails claiming you need to change your password, regardless of how legitimate the message appears to be.

Instead, visit the website in question directly via a known good URL or bookmark and log in to your account from there. If some action needs to be taken, you’ll be asked to do it after you log in.

Of course, there will likely be times when you’ll need to initiate a password change yourself, and you’ll receive an email with instructions for resetting it.

In those specific instances, you can safely interact with the emails to reset your password. However, you should assume that ALL other password reset emails are fraudulent.

Just remember that the ONLY legitimate emails asking you to change your password will be in direct response to a password reset request that you initiated yourself.

To check if YOUR email address has been stolen in a data breach, go to this website:
www.HaveIBeenPwned.com

If you’re looking for a secure password manager with both free and paid subscriptions, take a look at Bitwarden. They have both personal and business versions available.
www.BitWarden.com/pricing
