Today I received a simple but deceiving email. The email simply indicates that I need to reset the password. Since this was an email sent to one of my personal emails I was immediately suspicious since I don’t use a single sign-on with this account.
Here are some tips on how to spot a fake email:
- I don’t recognize the sender.
- There is no site information so it is difficult to determine what site this password change pertains to
- There is a reference to a random password. How do they know I have a random password?
NOTE: The links in the email below are highlighted for illustration purposes only; the actual links have been disabled.
From: passwordreset@sso.com
Sent: Tuesday, November 21, 2017 7:10 AM
To:
Subject: Single Sign On – Password Reset
Attachment: None
Body Content:
Please click the link below to reset your random password.
Click here <LINK NOT ACTIVE> to setup or reset your password.
Following is a portion of the link https://ws-aopaprod2.personifycloud.xxx/SSO/xxx which takes you to the following site:
As you can see, the site doesn’t have any identification other than a field to enter the new password. Even if this is a valid site, this will be a poor design since there is no way for the site visitor to see what site they have reached,
As a general rule:
- If you don’t recognize the sender, don’t open or click on the link.
- If the email is from someone that you know but the email looks suspicious or too good to be true, don’t open it; confirm with your friend that he/she intended to send you the email by call or text; don’t reply to the email.
- Ignore and delete any emails that ask for your bank account information, SSN, driver’s license number, Passport number, etc.
- Don’t open any attachments from unsolicited emails, they usually contain a virus.
- Place the cursor on top of the link (Don’t click it!) to reveal the address location where the link will take you (the link may be displayed in the lower left corner of the screen)