Real Password Reset Email vs Password Reset Phishing
Distinguish a genuine password reset email from a phishing email designed to steal your credentials.
Last reviewed: 1 June 2026
Password reset phishing is one of the most effective attacks because it creates urgency around account security. Genuine reset emails follow a tight, verifiable pattern. The differences below help you act safely when any reset email arrives.
Side-by-side comparison
| | Real password reset | Reset phishing |
|---|---|---|
| Trigger | You requested it, or a legitimate security system detected unusual activity | Arrives without you requesting it, or claims unusual activity requiring immediate action |
| Sender domain | Exact official domain; no subdomains with random strings | Lookalike domain or a legitimate-looking display name hiding a different address |
| Link destination | Link goes to the service's own domain; visible on hover | Link goes to a lookalike domain or redirect service |
| Information requested | Only asks you to set a new password — no current password, no card details | Asks for current password, personal details, or payment to 'verify identity' |
| Expiry | Link expires in a fixed window (typically 30–60 minutes) with a neutral tone | Extreme urgency; threatens account deletion if not acted on within minutes |
Common red flags
- Reset email you did not request, combined with urgency
- Sender domain is a slight variation of the real service
- Link URL on hover shows a different domain
- Request for your current password to confirm identity
- Threat to permanently delete your account if you do not act immediately
Verification steps
- If you did not request a reset, do not use the link in the email; log into the account directly, through the address you normally use, and check its security settings and recent activity
- Hover over the reset link before clicking to verify the destination domain
- If you did request a reset, navigate to the service directly and initiate a fresh reset rather than clicking the email link
- Enable multi-factor authentication on important accounts to limit the impact of stolen passwords
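The sender-domain and link-destination checks from the comparison table and the verification steps above, written out as an added Python example (not from the original page). It assumes a constructed official domain, `example.com`, and constructed sample headers and links; the point is that a domain check must anchor on the end of the host name, so that lookalikes such as `example.com.evil.net` or a display name hiding a different address are caught.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed official domain of the service for this example.
OFFICIAL_DOMAIN = "example.com"


def host_is_official(host: str, official: str = OFFICIAL_DOMAIN) -> bool:
    """True only if host is the official domain or a genuine subdomain of it.

    'example.com' and 'accounts.example.com' pass; 'example.com.evil.net',
    'examp1e.com' and 'example-com.net' fail, because the check anchors on
    the registrable domain at the END of the host, not on a substring.
    """
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)


def sender_domain_ok(from_header: str) -> bool:
    """Check the real address behind a From: header, not the display name."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return False  # empty or malformed address: treat as suspicious
    return host_is_official(address.rsplit("@", 1)[1])


def link_destination_ok(href: str) -> bool:
    """Check where a reset link actually goes (what you see on hover)."""
    parsed = urlparse(href)
    # .hostname drops userinfo, so 'https://example.com@evil.net/' resolves
    # to evil.net rather than example.com.
    if parsed.scheme != "https" or not parsed.hostname:
        return False
    return host_is_official(parsed.hostname)


def classify_reset_email(from_header: str, links: list[str]) -> list[str]:
    """Return the domain-based red flags found; empty list means none found."""
    flags = []
    if not sender_domain_ok(from_header):
        flags.append("sender address is not on the official domain")
    for href in links:
        if not link_destination_ok(href):
            flags.append(f"link does not go to the official domain: {href}")
    return flags


if __name__ == "__main__":
    # Constructed sample inputs, not real messages.
    print(classify_reset_email('"Example Security" <no-reply@example.com>',
                               ["https://accounts.example.com/reset?token=abc"]))
    print(classify_reset_email('"Example Security" <alerts@examp1e-secure.net>',
                               ["https://example.com.reset-verify.net/login"]))
```

A clean result only means the domains check out; an unexpected reset should still be treated as a signal to log in directly and review the account.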
What not to do
- Don't click a reset link in an email you didn't request without verifying the domain
- Don't enter your current password on any page reached from a reset email
- Don't ignore an unsolicited reset — change your password directly as a precaution
A safe response
If you receive an unsolicited reset email, go directly to the service's website (not via the email) and change your password there. Enable two-factor authentication.
Frequently asked questions
Should I be worried if I receive a reset email I didn't request?
Treat it as a signal that someone attempted to access your account. Change your password directly via the official site and enable two-factor authentication. Do not click the link in the email.