This email was trying to trick you into entering or resetting your password on a fake website.
How Password Reset Attacks Work
- Email claims your password will expire or needs to be reset
- Includes a link to a fake password-reset page
- You enter your real password thinking you're resetting it
- Attacker now has your credentials
Real Password Resets
- Happen inside your actual email client or system
- Don't request your old password (just new one)
- Are initiated by you, not by email request
- Never come with deadline pressure
Password Best Practices
- Never enter your password on pages reached via email links
- Use a password manager to store and auto-fill passwords securely
- Create unique passwords for each service
- Enable MFA on important accounts
- If you're ever unsure, contact {{team}} before entering credentials