Fake Email Password Reset


Fake Email Password Reset: a reader asks…

I got this email saying my email account password was reset. Before I click the link to reset my password, I thought I’d check with you. Is this real or fake?

It’s fake. Do not click the link; just delete the email. This is a phishing scam, and the link would take you someplace you don’t want to go in an attempt to get you to divulge your email password. The easy way to tell this is fake is to hover your cursor over the Click here link in the email. The actual web address of that link is displayed in a small “tooltip” that pops up. As you can see from the screenshot, it links to a strange URL.


Let’s take a moment to deconstruct URLs so you can quickly tell fake ones from good ones. Immediately after the https:// part of a URL you’ll find the website address, which ends in .com or some other suffix. For example, it could be www.positek.net, positek.net, something.positek.net or something.something.positek.net. The important thing to remember is that whatever comes before the suffix (.com or any one of hundreds of others that begin with a dot) is the primary website. Anything after the suffix (such as /somepage) points to specific pages within that website.

A common way for folks to try to fool you is to put something after the website address that looks legitimate. For example, they might put https:// followed by fakesite.com followed by /microsoft.com/secure/signinpage.html. You might miss the actual website address (fakesite.com), see the microsoft.com part and think that you’re looking at a Microsoft site, but you’re not. You’re looking at a page constructed at fakesite.com.

Another way is to use something very close to a legitimate website address. One of the most famous was whitehouse.com (which pointed to a porn site) instead of whitehouse.gov (which pointed to the legitimate site). You may also see sites that are a simple misspelling of the legitimate site’s URL. An example would be citibnk.com instead of citi.com (for the Citibank site).
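The two checks described above, written out as an added example that is not part of the original article: it pulls the real website out of a link, then warns when a trusted name shows up only in the path or when the real site is a near miss of a trusted one. The trusted list, the 0.8 similarity threshold and the "last two labels" rule are assumptions of this example.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Sites the reader actually uses; a constructed list for this example.
TRUSTED = ["microsoft.com", "whitehouse.gov", "citi.com", "positek.net"]

def site_of(host):
    """Naive 'primary website': the last two labels of the host name.
    Assumption: single-label suffixes (.com, .net, .gov). Suffixes such
    as .co.uk need the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(url, trusted=TRUSTED):
    """Return (site, warnings) for the address a link really points to."""
    parts = urlsplit(url)
    site = site_of(parts.hostname or "")
    warnings = []
    if site in trusted:
        return site, warnings
    # Decoy: a trusted name appears after the first slash, not as the site.
    path = parts.path.lower()
    for name in trusted:
        if name in path:
            warnings.append(f"{name} is only in the path; real site is {site}")
    # Lookalike: the real site is a near miss of a trusted one.
    for name in trusted:
        if SequenceMatcher(None, site, name).ratio() >= 0.8:
            warnings.append(f"{site} resembles {name}")
    return site, warnings

# Constructed sample links built from the addresses used in the article.
SAMPLES = [
    "https://something.something.positek.net/somepage",
    "https://fakesite.com/microsoft.com/secure/signinpage.html",
    "https://whitehouse.com/",
    "https://citibnk.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        site, warnings = check_link(link)
        print(link)
        print("  site:", site)
        print("  " + ("; ".join(warnings) or "no warnings"))
```

A link whose site is neither trusted nor flagged is simply unknown, not safe; the check only catches the two tricks described here.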

You should always know where a link will take you before you click it. The easiest way is to hover over the link and see what pops up. In an email it’s usually a tooltip (a small box near the link). On a webpage, the link URL might show up at the bottom-left of your browser window.
