Don’t Fall For One of These Fake Password Reset Scams!


The most insidious phishing scams are usually those that fold themselves into the flow of the common types of emails we receive every day.

For example, if you get a fake receipt from a retailer that you’ve never done business with, you’re likely to stop and examine that further before taking action. But if you get a request for a password reset, something that people may get a few times a month legitimately, you may be more likely to believe it and click the link.

Phishing scammers are always looking for ways to get past IT security, especially when it comes to cloud accounts. Companies are now keeping most of their data in the cloud and powering their operations through cloud software. 

All a hacker needs to gain access to multiple company resources is one user’s login credentials.

77% of cloud account data breaches are due to compromised passwords.

Credential theft has been on the rise as companies have come to rely more on the cloud, and this has led to one of the most dangerous types of phishing emails: the password reset scam.

How Does the Password Reset Scam Work?

In a large company, it’s not unusual for a security policy to be put in place that requires users to change passwords after a certain period. This may be done automatically by an administrator, and users all get a password reset email.

The fake password reset email scam mimics this common activity, except that it sends the user a fake request to reset their password on a specific account in order to steal those login details.

Scammers send these emails for multiple account types and may even have some information from another source that allows them to target you with a particular type of email. For example, if they’ve breached a list of “ABChost” website hosting customers, they may send all those customers the fake password reset for their account on that service.

This is what happens on the user’s side:

  • The user receives an email that appears to be from a sender they recognize. It might be their own organization, a SaaS provider, or another type of account.

  • The email requests that the user reset their password for some reason or log in to “verify” their account.

  • If the user clicks the link, they’re taken to a page that looks identical to the login page they’re used to seeing.

  • They’re asked to input their username and password and then may be prompted to put in a new password.

  • The form is fake and it’s only designed to steal the user’s login.

  • It may be hours or days before the user realizes their account has been hacked.

Types of Password Reset Scams to Watch Out For

Microsoft Account Password Reset

A popular scam email appears to be from Microsoft asking a user to reset or re-validate their Microsoft 365 account. One that’s been going around says:

“Please complete your account verification and re-validate account ownership security. To help keep you safe, upgrade to a more secured outlook account platform.”

The fake email includes a Microsoft support address in the “from” line and a signature that looks legitimate, with links to a privacy notice and acceptable use policy.

Netflix Account Password Reset

Here’s an example of a Netflix phishing scam shared by Mailguard. It looks like a legitimate email from Netflix and will even take the user to a page that looks just like the Netflix login page.

But it’s designed to steal the user’s credentials, just like other scams. Notice how the email itself doesn’t mention password reset. This could be to get past newer spam filters and to keep the user from immediately getting suspicious. Of course, when they click “verify now,” it takes them to a page where they must log in.

Fake phishing email

Social Media Account Password Scams

The password reset scam is also prevalent over social media. Scammers know that most people have at least one social media account, so it’s easier for them to send a message that would be applicable to the user.

They’ll send fake password reset or password verification emails that look to be from Facebook, Twitter, Instagram, LinkedIn, and other platforms.

How to Spot a Fake Password Reset Email

This type of phishing scam can appear to be from any type of account: your work email account, business SaaS platform, online retailer, bank account, and any other account that you log into online.

Here are some tips to help you spot a fake.

Look for any slight inconsistency: This can include something as small as the word “outlook” not being capitalized in an email purporting to be from Microsoft. A major corporation would not forget to capitalize its application names.

Double-check the email header: Email spoofing is a common trick to get a user to think a fake email is legitimate. Don’t trust what you see on the “From” line. Open the full message headers and check whether the actual sending address (for example, the Return-Path or Reply-To) matches what’s shown.

Avoid clicking any links: If you’re unsure about a password reset email, go to the account in question by typing the URL in your browser and NOT by clicking the link in the email. You can contact support for the site to see if you truly do need to do a reset.
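The header and link checks described in the tips above, as an added example that is not part of the original post: it parses a constructed sample message (the domains are all placeholders under `.test`) and flags a Return-Path or Reply-To domain that differs from the “From” domain, and any link whose visible text shows one hostname while its `href` points to another.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample (not from the original post): the "From" line shows a
# brand address, but the bounce address, Reply-To and link target differ.
SAMPLE_EMAIL = """\
From: "Account Security" <security@example-brand.test>
Return-Path: <bounce@example-phish.test>
Reply-To: verify@example-phish.test
Subject: Re-validate account ownership security
Content-Type: text/html; charset=utf-8

<p>Please complete your account verification.</p>
<p><a href="http://login.example-phish.test/reset">https://login.example-brand.test</a></p>
"""

# Captures each anchor's href and its visible text (simple HTML, no nesting).
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(header_value):
    """Lowercase domain of the first address in a header value, or None."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else None


def check_message(raw):
    """Return a list of human-readable red flags found in one raw email."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    from_dom = domain_of(msg["From"])
    # Headers the sender cannot easily hide behind a forged display name.
    for hdr in ("Return-Path", "Reply-To"):
        other = domain_of(msg[hdr])
        if other and other != from_dom:
            flags.append(f"{hdr} domain {other} != From domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    # A link whose text looks like one URL but targets another host is a classic tell.
    for href, text in LINK_RE.findall(html):
        target = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text.strip()).hostname or "").lower()
        if shown and shown != target:
            flags.append(f"link text shows {shown} but points to {target}")
    return flags


if __name__ == "__main__":
    for flag in check_message(SAMPLE_EMAIL):
        print("RED FLAG:", flag)
```

On the sample this reports three red flags; a message whose Return-Path, Reply-To and link targets all agree with the “From” domain produces none.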

You can find more tips for spotting fake emails here.

Looking for Solutions to Combat Phishing & Spam?

Reducing the number of phishing emails that make it into your inbox significantly reduces your risk of an account compromise. BrainStomp can help your business put intelligent email filtering in place to reduce phishing and spam.

Schedule a free consultation today! Call 260-918-3548 or reach out online.