When you are entering your username and password at a website to access your account, you may see a small "Forgot Password" text link. If you can’t remember your password, and you click this link, the account holding company will send you an email that allows you to reset your password. This type of email reset message, like the one below, would be a legitimate one.
However, some password reset emails you receive are fake, usually attempting to trick you into revealing your username and password to a hacker.
When you receive email messages asking you to reset a password when you did not make the request, the message could be a fake. Some of the reasons you may receive fake emails like this include:
Beware the bait: A hacker is attempting a phishing attack, hoping you’ll click on a fake link in the message.
Privacy alert: You potentially shared your email address at an unsafe website, and hackers are trying to steal your account password by tricking you into revealing it.
Security warning: Your account has some sort of security issue that is triggering these messages.
Update required: You may need to update your software or app to the latest version.
The password reset email message you are receiving could be a legitimate request. It may indicate that your account is under attack from a hacker. You can protect yourself in a few ways.
Go to the website directly and access your account. Then change your password to make it stronger.
Set up two-factor authentication (2FA) on your account. Should someone figure out how to hack your account password, having the second verification requirement significantly protects you.
Reach out to the website that holds your account for help with taking the necessary steps to protect yourself.
You may receive the message because you need to change your password every few months to match the requirements of the company holding the account.
Never click on a link in the email message as it could be a fake. If you click on it, you may actually give the hacker the information to take over your account rather than protect your account. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.
2. Remove unauthorized devices. Some accounts maintain a list of devices authorized to use your account. If a hacker manages to gain some of your personal information, it may be able to add one of its devices to your authorized list, triggering account login errors as it tries to hack your password. Check the list of authorized devices and remove any items you don’t recognize.
The process varies, depending on the type of account. We'll cover steps for Microsoft, Gmail, Yahoo and AOL.
Remember to regularly check your account settings and authorized devices to ensure the security of your accounts. If you suspect any unauthorized access, it’s also a good idea to change your passwords and review your account recovery options.
3. Sort such messages to spam. If you’d prefer to simply not see these kinds of email messages, set up your email client to sort messages like this to a spam folder. (Because many of them are spam, some email clients do this automatically.) Should you ever legitimately request a password reset, though, you’ll need to remember to look in the spam folder for the message.
4. Use a static IP address. Some accounts attempt to recognize your device through your IP address. If you have a dynamic IP address, your IP address changes constantly, meaning the account may not recognize your device, triggering the reset message. This often occurs because you are using a VPN. See if your VPN allows you to use a static IP address.
Although it can be frustrating to receive password reset emails, you should investigate any request like this that comes from an account you use regularly. Reach out to the customer service team for the account where you are having the issue. You may find that a simple glitch is causing the issue. Fix that, and you can put a halt to these frustrating messages. Or if it is a fake password reset email, you now know how to handle the situation to stay safe and secure.
Can you share a time when you strengthened your online security measures in response to a threat? What prompted it and how did you do it? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.