Uzone.id – Cybercriminals never tire of trapping potential victims. This time, they are mainly targeting users of company accounts.
Most online services have a built-in security system that alerts the user when it detects ‘unusual’ activity on their account.
For example, notifications to reset your password, or to set the phone number and email address linked to your account.
Phishing with this ‘fake notification’ scheme is common and has affected the accounts of many company employees.
Below is an example of a fake notification received by an account owner about a change to their phone number.
This email looks as though it was written by a criminal who does not know what the real notification looks like, from the use of the wrong language to logic that seems dubious.
“This is shown by linking a new phone number and simultaneously sending a password reset code. The support email address also doesn’t lend credibility to the message: there’s no plausible reason why the support email should be placed in a foreign domain,” Kaspersky wrote about the appearance of the email.
The attackers then wait for their victims to click on ‘Don’t Send Code’, after which the victims are redirected to a website that mimics the account login page.
This is where the criminals steal the passwords. The hijacked email accounts are then used for BEC (business email compromise) attacks or as a source of information for further attacks using social engineering.
“In general, it is best to keep phishing emails out of employee inboxes altogether. Ideally, they (plus all other unwanted correspondence, including messages with malicious attachments and BEC-related emails) should be intercepted at the email gateway level,” said Roman Dedenok, security expert at Kaspersky.
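As an added illustration (not part of the article and not Kaspersky's tooling), the following Python sketch of a gateway-side rule flags the two tells described above: a sender or support address in a domain other than the service's own, and links that lead away from that domain to a look-alike login page. The service domain, message texts and addresses are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the fake "new phone number linked" notification
# the article describes; every domain and address here is a placeholder.
FAKE_NOTIFICATION = """\
From: Account Security <security@example-mail.com>
Reply-To: support@support-helpdesk.example
Subject: A new phone number was linked to your account

A new phone number was linked to your account and a password reset code
was sent to it. Not you? Don't send code: http://login.example-mail-verify.example/reset
Questions? Contact support@support-helpdesk.example
"""
# Constructed legitimate counterpart: addresses and links stay on the service domain.
REAL_NOTIFICATION = """\
From: Account Security <security@example-mail.com>
Subject: A new phone number was linked to your account

If this was not you, review your settings at https://example-mail.com/security
or contact support@example-mail.com
"""

def registrable(host: str) -> str:
    """Crude registrable domain (last two labels); a real rule would use the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])

def notification_red_flags(raw: str, service_domain: str) -> list[str]:
    """Reasons a gateway rule would hold a notification that claims to come from service_domain."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    expected = registrable(service_domain)
    flags = []
    # 1. Sender and reply address must belong to the service itself.
    for hdr in ("From", "Reply-To"):
        addr = parseaddr(msg.get(hdr, ""))[1]
        if addr and registrable(addr.rpartition("@")[2]) != expected:
            flags.append(f"{hdr} address outside {expected}: {addr}")
    # 2. A 'support' address in a foreign domain is the tell Kaspersky points out.
    for addr in re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", body):
        if registrable(addr.rpartition("@")[2]) != expected:
            flags.append(f"support address in foreign domain: {addr}")
    # 3. Every link must land on the service, not on a look-alike login page.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        if registrable(urlparse(url).hostname or "") != expected:
            flags.append(f"link leads away from {expected}: {url}")
    return flags
```

Running `notification_red_flags(FAKE_NOTIFICATION, "example-mail.com")` returns three flags (reply address, support address, link), while the legitimate counterpart returns none.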
To avoid phishing in the form of emails containing fake notifications, users can follow these tips.
First, never click on links in automated security notifications, whether they look real or not.
Second, when you receive such a notification, check the security settings and linked details by manually opening the website in the browser.
Third, notifications containing irregular wording (as in the example) should be ignored and deleted.
Finally, if the notification looks real, notify the security team or the relevant service, as it may be a sign of a targeted attack.