Question from Sue: Yesterday I started getting emails from several websites that I mostly infrequently use or don’t use at all, such as Microsoft, Walmart, and Instagram.
But now I’ve received two more emails from two websites (AirBnB and eBay) that I DO use.
These emails were all in regard to resetting my password – either the password was already changed or a request to change it.
I’m confused about what’s going on and what I need to do.
One email stated the request came from Malaysia and one from Russia, both of course I’m not visiting.
The requests definitely appear to be from the legitimate website – no misspelled words, correct internet and physical addresses, privacy statements, etc.
I changed the passwords on all the websites and updated and ran my Avast antivirus. But now I’m getting really concerned that “they” will figure out my passwords for more important websites such as banking, credit cards, etc.
I assume that I went on a bad website or something else. What happened and how can I fix it (preferably without changing each password separately as I’m pretty lazy) and prevent it from happening again?
Rick’s answer: Sue, those frightening emails might appear to be legit, but trust me, they are not! They aren’t coming from the companies they claim to be coming from.
Before you do anything else, if you clicked on a link in any of those emails and tried to change your password you need to visit those websites directly from a known-good URL or bookmark and change your passwords from there, ASAP.
Whatever you do, do not visit the website(s) by clicking the links in the email(s)!
Now that we have that taken care of, here’s what’s actually going on with those emails…
The emails you’re receiving are phishing emails with links to realistic-looking but fake copies of the real websites that you have accounts with.
If you enter your password on one of those fake websites you’ll actually be handing your account password to a hacker/thief.
If you didn’t respond to those fraudulent emails in any way (especially if you didn’t click any links in the emails) you should be just fine.
Simply delete any new emails of that nature that come in in the future.
Just to be safe, I recommend that you follow the steps listed in this post to run a thorough series of malware/virus scans on your PC.
As far as preventing these types of emails from coming in, the sad truth is you really can’t.
Your email address has apparently found its way onto a scammer’s email list, and once that happens it’s literally impossible to have it removed.
In fact, the scammer will likely sell that list to other scammers, eventually resulting in an increase in the number of scam emails you receive.
Unfortunately, this problem always gets worse instead of better.
Bottom line: Never click links in emails claiming you need to change your password, regardless of how legitimate the message appears to be.
Instead, visit the website in question directly via a known good URL or bookmark and log in to your account from there. If some action needs to be taken you’ll be asked to do it after you log in.
Of course there will likely be times when you’ll need to initiate a password change yourself, and you’ll receive an email with instructions for resetting it.
In those specific instances you can safely interact with the emails to reset your password. However, you should assume that ALL other password reset emails are fraudulent.
Just remember that the ONLY legitimate emails asking you to change your password will be in direct response to a password reset request that you initiated yourself.
I hope this helps, Sue. Good luck!
Bonus tip: This post has more info about how to recognize and avoid fraudulent emails.