What is the fake password reset email scam?
A fake password reset email scam uses emails that claim you requested a password reset when you did not. These messages are designed to look like they come from real companies and push you to click a link to “secure” your account. The link leads to a fake login page where scammers steal your password.
How this scam usually works
The email often says someone tried to access your account or that a reset request was submitted. It includes a button or link labeled something like “Reset password” or “Secure your account.” Clicking the link takes you to a website that closely imitates the real service, and entering your login information gives scammers direct access to your account.
How to protect yourself
If you receive a password reset email you did not request, do not click any links. Instead, open the service’s website or app directly and check your account activity there. Be cautious of emails that create urgency, use generic greetings, or come from slightly altered sender addresses. Password managers can help by refusing to autofill credentials on fake sites.
What to do if you’ve been affected
If you entered your password into a fake reset page, change it immediately on the real website and anywhere else you reused it. Enable two-factor authentication if available and review recent login activity for anything unfamiliar. Save the email and report the scam at ReportFraud.ftc.gov, especially if your account was accessed or money was lost.