Fake Password Reset Alert? You're Likely Being Hacked - Here's What To Do Now

Hackers are exploiting fake password reset messages to steal personal data. Learn how to spot warning signs and protect your accounts.

Unsolicited password reset alerts can take many forms, each with signs of potential fraud.

Hackers are using a new trick to access personal accounts - sending fake or unauthorised password reset messages. These may appear via email, text, or authenticator apps, often mimicking legitimate services you use. If you didn't request a reset, it could be an early sign of an attempted breach.  

Such alerts may result from credential stuffing, where stolen usernames and passwords are tested across multiple sites. If a match is found, hackers trigger a reset to gain control. Other times, fake reset links lead to phishing sites or malware. If you receive two-factor authentication (2FA) prompts without logging in, it means someone has your password.  

A sudden stop in text messages could indicate a SIM swap attack, where scammers hijack your mobile number to intercept codes. Always avoid clicking unknown links, enable 2FA, and contact your service provider if you suspect unauthorised activity.

How to identify suspicious password reset attempts

Suspicious password reset attempts often come as emails, texts, or authenticator app prompts. An unexpected reset email or SMS code is a warning sign, especially if you didn't request it. The most serious red flag is a 2FA prompt from your authenticator app, which means someone already has your password. Whether it's phishing or an actual breach attempt, the goal is always to gain control of your account. 

What to do if you get a password reset email you didn't ask for

If you receive a password reset alert you didn't request, follow these five steps immediately:

  • Avoid clicking links in the message: Go directly to the official website or app to verify if the reset was legitimate.
  • Check recent login activity: Look for unfamiliar devices or locations under account settings (Google, Apple, Microsoft, banking, and social media).
  • Change your password: Use a strong, unique password and avoid reusing old ones. A password manager can help create and store secure passwords.
  • Scan your device for malware: Run a full antivirus scan to detect any spyware or keyloggers that may have compromised your system.
  • Report suspicious activity: Flag phishing attempts within email platforms or file a complaint via official channels like the FBI's Internet Crime Complaint Centre.
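The "check recent login activity" step can also be done over an exported activity log. The Python below is an added example, not part of the original article: it flags the warning signs described above (a reset request or 2FA prompt that did not come from one of your own devices). The log layout, event names and device names are constructed for illustration and do not match any particular service's export.

```python
from datetime import datetime

# Assumption: devices the account owner recognises as their own.
KNOWN_DEVICES = {"laptop-home", "phone-personal"}

# Constructed sample export: "<timestamp> <event> <device>" per line (hypothetical format).
SAMPLE_LOG = """\
2024-05-01T08:00:00 login_success laptop-home
2024-05-01T08:02:00 reset_requested laptop-home
2024-05-03T02:14:00 reset_requested unknown-7f3a
2024-05-03T02:15:31 mfa_prompt unknown-7f3a
2024-05-04T09:00:02 mfa_prompt phone-personal
"""

# Severity follows the article: an unexpected reset is a warning sign,
# a 2FA prompt you did not start means the password is already known.
RULES = {
    "reset_requested": ("warning", "password reset you did not request"),
    "mfa_prompt": ("serious", "2FA prompt without logging in: someone has your password"),
    "login_success": ("critical", "sign-in from an unfamiliar device"),
}

def parse(log):
    """Yield (timestamp, event, device) tuples, skipping malformed lines."""
    for line in log.strip().splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]

def review(log, known=KNOWN_DEVICES):
    """Return findings for events that did not originate from a known device."""
    findings = []
    for ts, event, device in parse(log):
        if device in known or event not in RULES:
            continue  # the owner's own activity, or an event type we do not score
        severity, reason = RULES[event]
        findings.append((ts, severity, device, reason))
    return findings

def password_compromised(findings):
    """True when any finding implies the attacker already holds the password."""
    return any(sev in ("serious", "critical") for _, sev, _, _ in findings)

if __name__ == "__main__":
    for ts, sev, device, reason in review(SAMPLE_LOG):
        print(f"{ts.isoformat()} [{sev}] {device}: {reason}")
```
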
