Ignore Emails Claiming That Your Password Has Expired
You have probably been told at some point that you should change your passwords regularly. That advice is dated: current guidance (NIST SP 800-63B, and Microsoft's own recommendations since 2019) is to change a password when there is reason to believe it has been compromised, not on a schedule, and few consumer services still force expiry. Even so, the idea is lodged somewhere at the back of your head, and scammers exploit it to steal sensitive information via phishing. If you receive an email saying that your password has expired, sit back and look at it closely, because the chances are the email is fake and exists only to collect your credentials. If you think you've seen such emails before, let's explore the topic together in this entry.
Password reset phishing scam 101
It's one thing when you request a password reset link from a website because you've forgotten your password. If that happens often, you're used to seeing password reset subject lines in your inbox. However, when a request to renew your password arrives out of the blue and the email says that your password has expired, that is where you should slow down.
You can start with a basic question: can my password expire at all? Most passwords do not. Some services, mostly corporate accounts and a few banks that handle sensitive information, still force a change every 90 days or so, and even there the trend is away from scheduled expiry. Financial services are instead adding multi-factor authentication and mobile authenticator apps. Note what that does and does not buy you. MFA does not replace the password, but it limits what a stolen one is worth, since the password alone no longer opens the account. It is not immunity, though: a phishing page can ask for the one-time code as well and relay it to the real site within the code's validity window. So even if you use an authenticator app, an unexpected "your password has expired" email deserves the same suspicion, and the right response is still to delete it, no questions asked.
Nevertheless, there are still many websites and services whose name scammers can borrow, and most of the time the phishing attempt reaches you by email. These emails spoof the sender: a display name such as "Office 365 Team", a From address on a lookalike domain, or, where the receiving mail server does not check SPF, DKIM and DMARC, the brand's own domain outright. If the spoofing convinces the user that the email is legitimate, the scam works.
Users who believe the email are very likely to click the link it contains, because they think they have to renew the "expired" password. They land on a fake website built to look like the genuine service they are familiar with, and from there the scam can develop in a couple of ways.
One, the user is asked to fill out a form with their login details, thinking they are about to reset the password. No reset happens; the schemers simply collect whatever the user types. Two, the link leads to a download, often dressed up as something harmless such as a browser update, and the malware that lands on the computer harvests saved credentials and other sensitive data from the infected system. Either way, the bottom line is the same: you lose sensitive data.
Is there no way the "your password has expired" email is ever legitimate? Legitimate providers do send reset links when you ask for one, but they do not send unsolicited "expired password" links, and a company that genuinely wants you to change a password will tell you to sign in the usual way. Treat any unsolicited link as untrusted: open a new tab, type the address you know, sign in, and change the password there. If the notice was real, the site will tell you so once you are signed in. Reaching a page by typing its address is always safer than following a link in an email, which is why reputable companies avoid sending such links in the first place.
How to avoid a phishing scam
Security experts warn that phishing is getting sophisticated enough that even well-trained users are sometimes duped. Still, there are features of a phishing email that you can look out for.
For example, phishing emails almost always carry an urgent tone: act now, within 24 hours, or lose access. The scammers are trying to make you act before you think. And it isn't just email. Text messages are used the same way, and if your phone number has leaked, you can expect "your password has expired" texts too. The same rule applies: a code or a reset that you did not ask for is a warning sign, not an instruction. In particular, a one-time code that arrives when you did not try to sign in means someone else already has your password and is trying to get past the second factor.
Aside from being wary of an urgent tone in emails and text messages, keep your browser updated and leave its pop-up blocker on. Pop-ups play a pivotal role in the scam described below. And if an email asks for account numbers or passwords, simply do not respond. Noticing these things becomes easier after security awareness training, and it helps to have strong, unique passwords.
A password manager helps here in a way that goes beyond password strength. It fills a saved password only on the site where that password was saved, so when a lookalike page asks for your credentials and the manager offers nothing, that silence is itself a warning. It also means you don't need to remember the passwords, which makes it that much harder to type one into the wrong form on a whim. Cyclonis Password Manager can generate and store your passwords for you. Our earlier entries cover other kinds of phishing; here is an example of a prominent password reset scam.
Office 365 Password Scam
Due to its sheer user base, Microsoft Office 365 is a frequent scam target. We have discussed a Microsoft 365 voicemail scam before, and today we would like to give an example of a password reset email scam that targets Office 365 users.
This scam has been circulating since summer 2019 and keeps coming back. Targeted users receive emails saying that their Office 365 password is about to expire, with a link that supposedly leads to a password reset page. In some versions users merely give away their credentials on a fake password form; the more dangerous versions also distribute the Trickbot Trojan.
That is the more dangerous side of phishing we mentioned above. The Trickbot variant is a spear-phishing campaign aimed at Office 365 administrators and their accounts. It collects credentials on the domain get.office365.live, which is built to look like part of Office 365: the brand name sits in the hostname and the .live suffix echoes Microsoft's live.com. What matters is the registrable domain, office365.live, which is not microsoft.com, office.com or microsoftonline.com, the domains Microsoft actually uses for Office 365 sign-in. Once on the page, the user immediately gets a pop-up demanding a browser update. Clicking it downloads the Trojan, and with Trickbot on the system you can be sure that banking credentials, account numbers and similar data will be stolen.
This, once again, shows how dangerous phishing can be, and why you should NEVER click links that urge you to reset your password. For Office 365, sign in at the Microsoft site you normally use and change the password from your account settings there.
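The signals discussed above (a spoofed sender, a link whose real destination is a lookalike domain, and an urgent subject line) can be checked mechanically. The script below is an added illustration written for this entry, not code from the original article or from any product named here: it parses a raw email, reads the receiving server's Authentication-Results header, extracts the links from the HTML body and compares their registrable domains against the brand's known domains. The two messages are constructed for the example; the hostname get.office365.live is the one named above, and the list of Microsoft domains is an assumption a deployment would maintain per sender.

```python
"""Triage an email for password-expiry phishing signals (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the brand really uses for sign-in (assumption for this example).
KNOWN_DOMAINS = {"microsoft": {"microsoft.com", "office.com", "live.com", "microsoftonline.com"}}

URGENCY = re.compile(r"\b(expire[sd]?|within 24 hours|immediately|suspended)\b", re.I)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

# Constructed phishing sample: forged microsoft.com From, failed SPF/DMARC,
# and link text that shows one host while the href goes to another.
SAMPLE_EMAIL = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=microsoft.com; dkim=none; dmarc=fail header.from=microsoft.com
From: "Office 365 Team" <no-reply@microsoft.com>
To: admin@example.net
Subject: Your Office 365 password expires in 24 hours
Content-Type: text/html; charset=utf-8

<html><body><p>Your password will expire within 24 hours. Keep your current password
<a href="https://get.office365.live/reset">https://login.microsoftonline.com</a>
to continue using Office 365.</p></body></html>
"""

# Constructed benign sample for contrast: authenticated sender, brand-domain link.
LEGIT_EMAIL = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=microsoft.com; dkim=pass header.d=microsoft.com; dmarc=pass header.from=microsoft.com
From: "Microsoft account team" <account-security-noreply@microsoft.com>
To: admin@example.net
Subject: Your Microsoft account sign-in summary
Content-Type: text/html; charset=utf-8

<html><body><p>Review recent activity at
<a href="https://account.microsoft.com/security">https://account.microsoft.com/security</a>.</p></body></html>
"""


def registrable_domain(host):
    """Last two labels of a hostname: get.office365.live -> office365.live.
    Simplified; a production tool should use the Public Suffix List (co.uk etc.)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def auth_results(msg):
    """Read spf/dkim/dmarc verdicts recorded by the receiving server."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RESULT.findall(header):
            results.setdefault(method.lower(), result.lower())
    return results


def html_parts(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")


def triage(raw, brand_domains):
    """Return a list of (category, detail) findings; an empty list means no signal fired."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    auth = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method, "missing") != "pass":
            findings.append(("auth", f"{method}={auth.get(method, 'missing')} for From {sender}"))
    subject = msg.get("Subject", "")
    if URGENCY.search(subject):
        findings.append(("urgency", f"subject presses for action: {subject!r}"))
    for html in html_parts(msg):
        collector = LinkCollector()
        collector.feed(html)
        for href, text in collector.links:
            host = urlparse(href).hostname or ""
            if registrable_domain(host) not in brand_domains:
                findings.append(("link", f"{href} is on {registrable_domain(host)}, not a known brand domain"))
            shown = urlparse(text.strip()).hostname
            if shown and registrable_domain(shown) != registrable_domain(host):
                findings.append(("mismatch", f"link text shows {shown} but href goes to {host}"))
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, triage(raw, KNOWN_DOMAINS["microsoft"]))
```

Two caveats a practitioner should keep in mind. The Authentication-Results header is only meaningful when it was added by your own receiving server (check the authserv-id, mx.example.net above); a sender can inject a forged one, so a mail gateway strips untrusted copies before evaluation. And the eTLD+1 shortcut here mis-handles suffixes such as co.uk; use the Public Suffix List in anything beyond an illustration.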
All in all, scammers find new ways to trick users into giving away sensitive information every single day. You may not be able to dodge every arrow fired your way, but you can protect yourself and your data by sticking to the basics: never act on an unsolicited password link, sign in by typing the address yourself, and let a password manager and multi-factor authentication limit the damage when something does slip through.