A password reset link scam is a phishing attack in which scammers send a fake password reset link via text or email for one of your accounts, such as social media or online banking. Clicking the link redirects you to a fake login page designed to steal your credentials the moment you enter them.
The fake page looks identical to the real login page of the platform whose password you are supposedly resetting, which makes the attack hard to spot. This guide gives a brief explanation of how the password reset link scam works, the red flags that identify a dangerous reset link, ways to protect your account, and what to do if you have already clicked.
What Is the Password Reset Link Scam?
A password reset link scam is a phishing attack in which scammers try to steal your login credentials via a fake password reset link. Clicking the link takes you to a page that looks identical to the real login page; the moment you enter your username and password, the scammer captures them.
How the Scam Works
You don’t get a reset link out of nowhere. The scam is planned and goes through several stages before the scammer gets your login info. Here’s a brief breakdown of how the password reset link scam works:
- Scammers obtain the target’s username, email address, or phone number, often from previously leaked data.
- You get a legit-looking email or text. The message claims that you requested a password reset and your account is at risk. There will be a sense of urgency to prompt quick action.
- The message urges you to click the link to secure your account, i.e., by resetting the password.
- Once you click the link, you’re redirected to a fake login page that looks identical to the official one. The page asks you to enter your login details, i.e., your username and password.
- The hacker records your login info as soon as you enter it.
- Once they have your details, hackers can access your account, steal the required data, and lock you out of it.
What Are the Dangers of a Password Reset Attack?
A password reset scam is a phishing attack. As per Zensec, 3.4 billion phishing emails are sent daily across the globe, and password reset scam emails are among them. Given the urgency these messages create, many people fall victim. Clicking the link in one of these emails and filling in your credentials may have the following consequences:
- Account Takeover: Attackers gain full access to your account. They might steal your sensitive data and lock you out of your account permanently.
- Identity Theft: The data can be used for impersonation. For example, a hacker might commit financial fraud using your identity.
- Financial Loss: Hackers may steal directly from your financial accounts or make unauthorized purchases using saved payment methods.
- Data Breach Escalation: Your sensitive work documents, confidential messages, and other details can be leaked.
- Lateral Movement: Hackers often use a compromised email account to reset the passwords of your other accounts, which triggers a chain reaction.
- Reputational Damage: Attackers can post malicious content from your social accounts and send phishing emails to your contacts. They might also damage your professional reputation through compromised business accounts.
- Permanent Data Loss: Hackers delete important files and backups, destroy the hacked accounts’ assets, and remove all recovery options.
- Secondary Attacks: The hacked account can be used for spear phishing. If it is a work account, the attacker may gain a foothold in your organisation’s network, which may result in further cyberattacks.
How to Identify a Dangerous Password Reset Email Link
You can identify a dangerous password reset email link by noticing the common red flags, such as an unsolicited request, a sense of urgency, and a suspicious link. Here are the 10 signs that help you identify a dangerous password reset link:
- You didn’t request it: This is the most obvious red flag. Treat the message with extreme suspicion if you didn’t initiate the reset request yourself.
- Sense of urgency: The message has a sense of urgency. For example, “your account will be deleted in 24 hours if you don’t reset the password now”.
- Generic Greetings: Phishing emails often have a generic greeting, such as Dear Customer, Dear User, or Dear Account Holder, instead of your actual name.
- Poor grammar: Scam messages often have obvious mistakes in grammar or punctuation that an official email won’t have.
- Mismatched sender address: The address may resemble a legitimate company’s, but look closely: it may contain misspellings, swapped or extra characters (examp1e instead of example), a different top-level domain, or a public webmail domain such as gmail.com.
- Suspicious link destinations: Hover over the link (or long-press it on mobile) and check where it actually routes. The text may say “Reset your Password” while the link goes to a domain that isn’t the company’s. A link beginning with http:// instead of https:// is a red flag, but the reverse is not reassurance: phishing sites use HTTPS too, so always check the domain.
- Request for additional information: Legitimate password reset emails will never ask you to reply with your password, security answers, Social Security number, or credit card details.
- Includes attachments: A password reset email should not include attachments. Files such as .exe, .zip, or .scr are a major red flag.
- Blurry logos and images: Logos appear blurry, low-quality, stretched, or the colors seem “off” compared to the company’s official communications.
- Missing company information: The email or the text message will lack the physical company information, address, proper privacy policy links, or official contact methods.
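The red flags above can be checked mechanically. The following is an added example (not part of the original article, and not FastestPass code) that scores a raw email against several of them: sender domain, generic greeting, urgency language, link destination versus link text, plain HTTP, and risky attachments. It assumes a hypothetical legitimate service at examplebank.com; both sample messages are constructed for the demo, and the anchor extractor is deliberately simple.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

LEGIT_DOMAIN = "examplebank.com"  # assumed legitimate service (hypothetical)
PUBLIC_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY = ("24 hours", "immediately", "suspended", "deleted", "urgent", "act now")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
RISKY_ATTACHMENTS = (".exe", ".zip", ".scr")
# Demo-level anchor extractor: (href, visible text). A production filter would
# use a real HTML parser; this is enough for the constructed samples below.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable(host):
    """Last two labels of a hostname; crude, but enough for this demo."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw):
    """Return (flag, detail) pairs for a raw RFC 5322 message; [] means clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []

    # Mismatched sender address: lookalike domain or free webmail account.
    sender = email.utils.parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if sender in PUBLIC_WEBMAIL:
        flags.append(("public-webmail", sender))
    elif registrable(sender) != LEGIT_DOMAIN:
        flags.append(("sender-domain", sender))

    # Generic greeting and urgency language in the body text.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append(("generic-greeting", ""))
    if any(u in text for u in URGENCY):
        flags.append(("urgency", ""))

    # Suspicious link destinations: judge where the href goes, not what it says.
    for href, label in ANCHOR.findall(html):
        url = urlparse(href)
        host = url.hostname or ""
        # Plain HTTP is a red flag, but HTTPS alone proves nothing: phishing
        # sites get TLS certificates too, so the domain check still runs.
        if url.scheme != "https":
            flags.append(("http-link", href))
        if registrable(host) != LEGIT_DOMAIN:
            flags.append(("off-domain-link", host))
        shown = re.search(r"https?://([^\s/<]+)", label)
        if shown and registrable(shown.group(1)) != registrable(host):
            flags.append(("link-text-mismatch", f"{shown.group(1)} -> {host}"))

    # Attachments have no place in a password reset email.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_ATTACHMENTS):
            flags.append(("risky-attachment", name))
    return flags


# Constructed sample (not a real message): lookalike sender, urgency, a link
# whose text and destination differ, and a .zip attachment.
PHISHING_EMAIL = """From: Example Bank Security <security@examp1ebank.com>
Subject: Your password reset request
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>We received a password reset request. Your account will be suspended
in 24 hours unless you act now.</p>
<p><a href="http://examplebank.com.secure-reset.example/login">https://examplebank.com/reset</a></p>
</body></html>
--b1
Content-Type: application/zip; name="reset-form.zip"
Content-Disposition: attachment; filename="reset-form.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed sample (not a real message): a reset email from the assumed service.
LEGIT_EMAIL = """From: Example Bank <no-reply@examplebank.com>
Subject: Reset your password
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi Alex,</p>
<p>You asked to reset your password.
<a href="https://www.examplebank.com/reset?token=demo-token">Reset your password</a>
This link expires in 30 minutes.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_EMAIL), ("legitimate", LEGIT_EMAIL)):
        print(name, analyze(raw))
```

Run stand-alone, the script reports seven flags for the constructed phishing message and none for the legitimate one. The important design point is the link check: the visible text says examplebank.com, but the href is judged by its real hostname, whose registrable domain is secure-reset.example. Note also that the legitimate sample would pass even if its scheme were checked in isolation; only the combination of domain, link-text and attachment checks separates the two.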
How to Protect an Account From a Password Reset Link Attack?
The single most effective protection against a password reset link attack is to enable two-factor or multi-factor authentication (2FA/MFA), which makes it much harder to access an account even when the attacker has the password. Here are the steps we recommend taking to protect an account from a password reset scam:
- Enable MFA: This is the most effective measure. Multi-factor authentication requires another verification along with the password, which makes it challenging for hackers to access an account even with the password.
- Never trust uninitiated messages: Do not respond to password reset emails or messages if you did not initiate the request. Avoid clicking on random links and attachments in the message.
- Verify the sender’s email address: Check the sender’s address and domain name for misspellings, lookalike characters, and unfamiliar domains.
- Know the red flags: Go through the list above before acting on any reset message.
- Monitor your account activity: Check your accounts’ login history for sessions, devices, or locations you don’t recognise.
FAQs – Password Reset Link Scam
What happens if I click a password reset link?
Viewing the page alone rarely causes harm; the damage usually occurs only if you interact further, i.e., enter your credentials on the fake page. Still, treat the click as exposure: close the page, enter nothing, and check the account directly through the official app or website.
Are password reset links safe?
Password reset links are trustworthy if they come from a verified source and you requested them. If you receive one without requesting it, ignore the message and check your account activity immediately.
How do I know if a password reset email is legitimate?
If you received a password reset notification without requesting it, it is most likely a phishing attempt. Legitimate reset links come from the service’s official domain, use HTTPS, and usually expire within minutes or hours.
Why did I receive a verification code I didn’t request?
This usually means someone is trying to log in to your account using your email address or phone number. Do not share the code with anyone, change your account password immediately, and enable MFA for the account if you haven’t already.
Why am I getting Instagram password reset emails?
You are receiving an Instagram password reset email because someone entered your email address or username on Instagram’s recovery page. Don’t click the link in the email; open the Instagram app directly and change your password.
Final Note
Setting up MFA is the best way to blunt a password reset link scam. MFA adds a layer of protection: a hacker who has only your password still cannot log in without your second factor. Note that one-time codes sent by SMS or email can still be phished by a fake page that relays them to the real site in real time; passkeys or hardware security keys, which are bound to the genuine site’s domain, resist this.
Moreover, set strong passwords for your accounts: at least 12 characters, mixing numbers, letters, and special characters, and never reuse a password across accounts. We recommend using FastestPass Password Generator to create strong passwords in seconds.