Fake Password Reset Phishing Email Scam Examples
Phishing emails impersonate well-known services and send fake password reset prompts to harvest your login credentials on a lookalike sign-in page.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Security alert: a password reset was requested for your [service] account. Click here to confirm or cancel this request: [fake link]. If you do not act within 30 minutes your account will be locked.
[Service name]: Unusual activity detected. To protect your account, verify your identity and reset your password immediately: [fake link]
Your [service] password expires today. Update it now to avoid losing access to your account and saved data: [fake link]
What the scammer wants
To direct you to a fake login page and capture your username, password, and sometimes a one-time code, enabling full account takeover.
Red flags in the message
- Reset email arrived without you requesting it
- Extreme urgency — account locked or deleted within minutes
- Sender domain does not exactly match the official service
- Link on hover leads to a different domain
- Requests current password to 'confirm' your identity before resetting
A safe response
If you did not request a reset, go directly to the service's official website to change your password, then enable two-factor authentication. Do not click the link in the email.
What not to send
- Your current password
- One-time codes or backup codes
- Answers to security questions
What to do if you already replied
- Change your password immediately via the official site
- Enable two-factor authentication if not already active
- Check your account for any unauthorised changes or linked devices
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times