Password Reset Phishing
Fake password reset emails designed to steal your credentials
How this scam works
Fake password reset emails or texts claim there was suspicious activity on your account or a sign-in from a new device. They direct you to a fake website that steals your login credentials when you try to "reset" your password.
These phishing attempts often look very convincing, copying the exact design of legitimate emails from Google, Microsoft, Apple, and other services.
Warning signs
- ⚠️Password reset you didn't request
- ⚠️Unusual sign-in alert from unknown location
- ⚠️Link doesn't match official website domain
- ⚠️Creates urgency about account security
- ⚠️Requests current password (legitimate resets don't need this)
- ⚠️Email sender domain doesn't match official domain
Real examples
“We noticed a sign-in attempt from a new device. If this wasn't you, reset your password immediately: google-security-check.com”
Fake domain. Google uses accounts.google.com for security, never third-party domains.
“Apple ID: Your password was changed. If you didn't make this change, secure your account: appleid-verify.com”
Fake domain. Apple uses appleid.apple.com only.
What to do
- ✓Never click password reset links you didn't request
- ✓Go directly to the official website to check your account
- ✓Check the sender email domain carefully
- ✓Use a password manager that won't autofill on fake sites
- ✓Enable two-factor authentication