Fake Password Reset Phishing Email Scam Examples
This email impersonates a well-known service, claiming your password needs an urgent reset due to suspicious activity, and links to a fake login page built to capture your username, password, and sometimes a one-time code. The scammer's real goal is full account takeover, which can cascade into other accounts if you reuse passwords. The lever is manufactured urgency around account security — the very thing meant to protect you gets weaponized to bypass your caution. Never reset a password through an emailed link; go to the service directly through its app or a manually typed address instead.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Security alert: a password reset was requested for your [service] account. Click here to confirm or cancel this request: [fake link]. If you do not act within 30 minutes your account will be locked.
[Service name]: Unusual activity detected. To protect your account, verify your identity and reset your password immediately: [fake link]
Your [service] password expires today. Update it now to avoid losing access to your account and saved data: [fake link]
What the scammer wants
To direct you to a fake login page and capture your username, password, and sometimes a one-time code, enabling full account takeover.
Red flags in the message
- Reset email arrived without you requesting it
- Extreme urgency — account locked or deleted within minutes
- Sender domain does not exactly match the official service
- Link on hover leads to a different domain
- Requests current password to 'confirm' your identity before resetting
A safe response
If you did not request a reset, go directly to the service's official website to change your password, then enable two-factor authentication. Do not click the link in the email.
What not to send
- Your current password
- One-time codes or backup codes
- Answers to security questions
What to do if you already replied
- Change your password immediately via the official site
- Enable two-factor authentication if not already active
- Check your account for any unauthorised changes or linked devices
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
I entered my password and a one-time code on the fake page — how bad is this?
This is serious, since a code combined with a password can let an attacker bypass two-factor protection in real time. Change your password immediately on the real site and check for any new devices, forwarding rules, or recovery email/phone changes on the account, reversing anything unfamiliar.
How can I tell a real password reset email from a fake one?
Check the sender's actual email address, not just the display name, and hover over links to see where they really go before clicking. When unsure, ignore the email entirely and go to the service's official site or app directly to check your account status.
Is it safe to click 'unsubscribe' or reply to say I didn't request this?
It's best not to interact with the email at all — replying or clicking any link, including unsubscribe, confirms your address is active and can lead to more targeted attempts. Delete or report it as phishing instead.
Do I need to worry about my other accounts too?
Yes, especially if you reuse passwords anywhere — change the password on any other account using the same or similar password to the compromised one. This is also a good moment to set up a password manager and unique passwords going forward.