Dave! I got an email this morning from one of the sites I frequent asking me to reset my password. It seemed to be in response to me having asked for a reset link, but I didn’t even visit that site! Is someone trying to hack into my account?
Have you ever tried to log into a website only to realize that you have apparently forgotten your password? Fortunately, most sites don’t lock you out; instead, they invite you to click on “forgot password”, which then generates an email message exactly like the one you received. This means that the email you received might be legit or it might be a nefarious attempt to trick you into sharing your account credentials.
The latter is going to look identical – in fact, the scammers might simply tweak the official password reset email from the site – and the page you visit if you click might look completely legit too. So how do you protect yourself? Let’s look at this more closely with an email I received from a site I visit quite infrequently…
PASSWORD REMINDER EMAIL
This morning one of the email messages in my Gmail inbox was the following:
Certainly looks completely legit, doesn’t it? Before you go and click on anything, however, it’s time for a few questions. First off: did you click a “forgot password” or “reset password” link on the corresponding website? If you didn’t, that’s almost always enough to justify deleting the email and getting on with your day.
But some people like to don their deerstalker cap and detect, so let’s dig into this just a little further so we can ascertain if it’s legit and really from Fox News Channel, or a scammer.
WHO SENT THE MESSAGE?
One of the best ways to ascertain the legitimacy of an email message is to look closely at who sent it. In Gmail, you can easily do that by clicking on the tiny grey triangle by the displayed sender’s address. A window pops up:
This indicates that it’s from esp.foxnews.com, which is legit. ESP is probably their email sender, a third-party company that manages all electronic messages to/from the site. This passes the first test, but if it were from something deliberately obfuscating like f0xnews.com [did you notice the “o” is a zero?], pswrdrmndr.com or fdjkl4jd.org, that would be a second reason to just stop investigating and delete the email.
WHERE WILL THE LINK TAKE YOU?
Good email programs will preview a link before you click on it, which is a great feature everyone should utilize. Even the most realistic messages can be faked, after all, so it’s possible a message from your best pal could actually link to a malware or scam site! In this instance, Gmail shows me where the “Reset Password” link leads:
“click.esp.foxnews.com” is entirely acceptable and part of the .foxnews.com domain so it, again, suggests that this is a legitimate email message. This is typically where phishing, spam, or scam messages fall apart, because they link to somewhere unrelated to the site, like “tipi-park.com” or “physics.somecollege.edu”. Why those sites? Because the scammers have hacked into the site and been able to set up secret redirects. Sometimes you’ll inadvertently click on one of these links and bounce through a half-dozen sites as the scammer tries to make it impossible for you to track their path.
If you click, therefore, it’s critical that you closely examine the domain of the page before you enter any information or click on any further links or buttons…
Look at the address bar: my.foxnews.com. Again, the proper domain name, not something odd or confusing. That’s a thumbs up, but still leaves us with one fundamental question…
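The checks above (sender domain, link destination, landing-page domain) all come down to one rule: the host must be the expected domain itself or a subdomain of it. The Python below is an added example, not part of the original article; both messages, the `noreply` address and the URL paths are constructed, and `foxnews.com.example.net` is a made-up lookalike.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED = "foxnews.com"  # the site the email claims to come from

def in_domain(host, domain=EXPECTED):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    # The leading dot matters: "notfoxnews.com" must not pass.
    return host == domain or host.endswith("." + domain)

def sender_host(msg):
    """Domain part of the address in the From: header."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2]

def link_hosts(msg):
    """Hostnames of every http(s) link in a single-part HTML body."""
    urls = re.findall(r'href="(https?://[^"]+)"', msg.get_payload())
    return [urlsplit(u).hostname for u in urls]

def check(raw):
    """Return every sender/link host that is NOT inside EXPECTED."""
    msg = message_from_string(raw)
    hosts = [sender_host(msg)] + link_hosts(msg)
    return [h for h in hosts if not in_domain(h)]

# Constructed sample: matches the domains described in the article.
GENUINE = """\
From: Fox News <noreply@esp.foxnews.com>
Subject: Reset your password
Content-Type: text/html

<a href="https://click.esp.foxnews.com/reset">Reset Password</a>
"""

# Constructed sample: zero-for-o sender, unrelated link, suffix lookalike.
FAKE = """\
From: Fox News <noreply@f0xnews.com>
Subject: Reset your password
Content-Type: text/html

<a href="https://tipi-park.com/r">Reset Password</a>
<a href="https://foxnews.com.example.net/reset">Help</a>
"""

if __name__ == "__main__":
    print("genuine:", check(GENUINE))
    print("fake:   ", check(FAKE))
```

An empty list means every host sits under the expected domain. The From header is written by whoever sent the message, so a passing sender check on its own proves little; the link and landing-page checks carry more weight.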
WHY UNEXPECTED PASSWORD RESET EMAIL?
In a situation like this message I received from the Fox News website, it’s hard not to be puzzled about why that’s occurred. There are a couple of common explanations, mostly related to the email looking legit but really being a phishing attack attempting to steal your login credentials. Someone might also have obtained your login credentials from a security breach on another site and be brute-force testing the same password on other sites. They might have access to your email too: if they do, and they click on the reset link, they can change your password without knowing the original password, locking you out of your own account. You can then send yourself another password reset and change it again to regain access, of course.
The fourth reason is that the scammer might be softening you up for an email they’ll send that will look the same but will actually link to a fake site so they can steal your credentials.
Generally speaking, since there’s not much you can do to stop someone else entering your email address and then clicking on ‘forgot password’ or ‘reset password’, the best solution is to ensure that your email account is secure (unique passwords!) and delete any messages that you didn’t generate by visiting the actual site. Good luck and be safe out there!
Pro Tip: I’ve been writing about online scams for many years. Please check out my spam, scams and security help area while you’re visiting for more informative articles on how to stay safe online. Thanks!
I’d add that if the feature’s available, implement 2FA on all email accounts, and any other Internet accounts you have. With 2FA enabled, even if your credentials end up on the dark web from a data breach, you won’t lose access to the affected site(s). Another suggestion I always give is to use a password vault to keep track of all your passwords, permitting you to easily use long (16 to 20 characters), unique passwords. Finally, when I get a notification (usually from have-I-been-pwned) telling me that any of my email credentials have been found on the dark web, I immediately change my password for the affected email account, just to remain as safe as possible (2FA greatly increases credential security, but it can be gotten around too).
My2Cents,
Ernie