Is a password reset email I didn't request a scam?
An unsolicited password reset email usually means someone is trying to take over your account or test whether it exists. Do not click the reset link — just ignore it or secure your account.
Last reviewed: 1 June 2026
Explanation
Receiving a password reset email you did not request can mean several things: a scammer is attempting to break into your account and triggered the reset, someone typed your email in error, or your email was included in a credential-stuffing attempt. Simply receiving this email does not mean your account has been accessed — but it is a warning sign. The risk is if you click the link (which may be a phishing link in a fake reset email) or if you are using a weak, reused password. If the email is genuinely from the service, you can safely ignore it and your password will not change. Then log in to that service directly, check for any unauthorised access, and enable two-factor authentication.
Common red flags
- You did not request a password reset
- Multiple reset emails for different accounts in quick succession
- The email sender domain does not exactly match the service
- Link in the email goes to a domain different from the official service
What to do now
- Do not click any link in the email if you are unsure of the sender
- Log in to the account directly through the official website
- Change your password if you reuse it across multiple services
- Enable two-factor authentication on the account
Frequently asked questions
Should I click the reset link to cancel the request?
No. You do not need to do anything — the link will expire automatically. Clicking it confirms your email is active and may lead to a phishing page.