Fake Email Password Reset

Click to view larger

Fake Email Password Reset: a reader asks…

I got this email saying my email account password was reset. Before I click the link to reset my password, I thought I’d check with you. Is this real or fake?

It’s fake. Do not click the link, just delete the email. This is a phishing scam and would take you someplace you don’t want to go, in an attempt to get you to divulge your email password. The easy way to tell this is fake is to hover your cursor over the Click here link in the email. The actual web address of that link is displayed in a small “tooltip” that pops up. As you can see from the screenshot, it links to a strange URL.

Advertisement

Let’s take just a moment to deconstruct URLs so you can quickly tell fake ones from good ones. In the URL immediately after the https:// part you’ll find the website address that ends in .com, or some other suffix. For example, it could be www.positek.net, positek.net, something.positek.net or something.something.positek.net. The important thing to remember is that anything before the suffix (.com or any one of hundreds of others that have a dot at the beginning) is the primary website. Anything after (such as /somepage) gives further definition to specific pages within the website.

A common way for folks to try to fool you is to put something after the website address that looks legitimate. For example, if they put https:// followed by fakesite.com followed by /microsoft.com/secure/signinpage.html. You might miss the actual website address (fakesite.com) and see the microsoft.com part thinking that you’re looking at a Microsoft site, but you’re not. You’re looking at a page constructed at fakesite.com.

Another way is to use something very close to a legitimate website address. One of the most famous was whitehouse.com (which pointed to a porn site) instead of whitehouse.gov (which pointed to the legitimate site. You may also see sites that are a simple mis-spelling of the legitimate site’s URL. An example would be citibnk.com instead of citi.com (for the Citibank site).

You should always know where a link will take you before you click the link. Easiest way is to hover over the link and see what pops up. In an email it’s usually a tooltip (small box near the link). On a webpage, the link URL might show up at the bottom-left of your browser window.


This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek (send to @PosiTek), Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net (send to Support@PosiTek.net), Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required) using any credit card (no Paypal account required), using Zelle, Apple Pay or Google Pay, or by mailing a check or cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thank you!

Go to Top of Page

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.