Possible dangers behind a password reset notification
July 21, 2022 / Knowledge

Have you just received a password reset notification to your email?

If you have just forgotten your Facebook password and asked to reset it, you have no reason for concern and can follow the link.

Yet, if you keep receiving these notifications without having requested them, that might be a trap.

Read the article and learn the possible dangers behind a password reset notification.

In what cases can you receive a password reset notification?

There are only a few cases when you might receive a password reset notification:

  • you forget a password and click ‘reset my password’;
  • a legitimate company leaks data and therefore asks users to update their credentials;
  • somebody accidentally types in your email;
  • a cybercriminal tries to lure you into a phishing attack.

In the first three cases, you should immediately update your password. This will help to keep your account safe.

The last reason, however, is the most concerning and damaging.

Let’s take a closer look.

Cybercriminals might imitate any of the first three cases to trick the victim. This way, you might give away the password to your valuable account. You might think you have just updated your password. In reality, you have just lost access to your account.

How does a phishing attack work?

Phishing attacks are a type of social engineering attack. The goal of a cybercriminal is to trick you into giving away sensitive information (in this case, a password). Later, hackers steal information from the account, resell the password, or dump your data onto the dark web.

Last year, 90% of data breaches occurred due to phishing attacks. It is an effective method that hackers use to steal users’ data.

Therefore, if you randomly received a password reset notification, you might have just become a victim of a phishing attack.

Why do people get tricked?

People fall victim to this type of scam because urgency and fear play a significant role.

Usually, when people randomly receive a password reset notification, they get terrified about their account security. They immediately want to protect their account from unauthorized login. Therefore, they hurry up and change their password without paying much attention.

When a person reads the message telling him that someone tried to log in to his account, he immediately follows the link and provides sensitive information. When a person types in his old password to create a new one, the hacker receives the old credential.

He can then use the known email and password combination to log the victim out of his account, perform criminal actions, and steal information.

How to recognize a fake password reset notification?

Recognizing a fake password reset notification (or any phishing scam) is easy when you know what to look for.

Protect yourself from phishing attacks by paying careful attention to the context and content of the message. Here are 5 tips:

  1. Have you just received a password reset notification? Think about the context. Have you requested the reset? Did you click on any ‘forgot a password’ buttons?
    1. If yes, review the sender and evaluate the credibility of the message. Proceed to password reset if everything seems credible.
    2. If not, be extra vigilant – a successful phishing attack might be waiting just around the corner. Review the content of the message carefully before clicking on any link.
  2. Check the sender. Is it a legitimate sender with the correct email address? If Facebook sends you an email from [email protected] or any other misspelled domain, it is not Facebook.
  3. Evaluate the message. Are there any grammar or spelling mistakes in the email? What is the reason for a password reset? If the email does not clearly state why you received it, or if you notice grammatical mistakes, consider it a scam.
  4. Check the links (without clicking on them). Use your mouse to hover over a link in the email. Where does the link direct you? Is it a legitimate website? Is the domain spelled correctly? If you notice even one discrepancy, do not click on the link.
  5. Be extra careful when entering your password. If you did click on a link, be vigilant about the website. The website might be a replica of the actual website, so it looks the same. Only enter your password when you are sure you are actually browsing Amazon.com (not ama.zon, A1mazon, etc.). If you notice any misspelled words, immediately leave the website.

Every time you receive a random password reset notification, run through this list to critically evaluate its credibility. Proceed with entering personal information only after careful inspection.
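The sender check (tip 2) and the link check (tip 4) can also be done by a program, as this added Python example shows; it is not part of the original article. The trusted-domain list, the sample message, the helper names and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sites you really hold accounts with.
TRUSTED = ("amazon.com", "facebook.com")

# Constructed sample message (single-part HTML), not a real email.
SAMPLE = """\
From: Amazon Security <no-reply@a1mazon.com>
Content-Type: text/html

<p>Someone tried to log in to your account.
<a href="http://amazon.com.reset-login.example/r?id=1">https://www.amazon.com/reset</a>
<a href="https://www.amazon.com/help">Help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects real href targets: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def classify(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = (host or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Compare each label, and the host with dots removed, to each brand name.
    candidates = host.split(".") + [host.replace(".", "")]
    for brand in (d.split(".")[0] for d in TRUSTED):
        if any(difflib.SequenceMatcher(None, c, brand).ratio() >= 0.8 for c in candidates):
            return "lookalike"
    return "unknown"

def audit(raw_email):
    """Classify the sender domain and every link target of one message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    hosts = [("sender", sender)] + [("link", urlsplit(h).hostname) for h in collector.hrefs]
    return [(kind, host, classify(host)) for kind, host in hosts]
```

Calling `audit(SAMPLE)` flags both the sender and the first link as lookalikes, even though that link's visible text shows the genuine address. Anything not classified as trusted deserves the manual inspection described in the list.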

Stay safe!