Just when you were trying to protect your digital assets from ‘Heartbleed Heartache’ and thumping your keyboard to reset all your passwords right away, here is what you need to know to protect yourself from another threat.
Do not rush to respond to every ‘reset your password’ mail; it could be a cybercrook’s phishing mail sent to rob you. Cybercrooks are exploiting the wave of panic caused by the Heartbleed bug, when many of us are rushing to click password reset links in mails. They are sending phishing mails with links that redirect users to webpages which give the impression of an authentic login screen. Remember that you are not on the actual login screen of your account; instead, you are on a deceptive login screen designed to steal your account credentials. Later, when you try to log in to the actual site, your login credentials turn out to be invalid.
What do these ‘reset your password’ phishing mails look like?
Genuine websites will not send login-screen links in email correspondence unless you have requested a password reset link. Therefore, whether the login link you receive in a mail looks genuine or fake, do not click on it. What is even worse is that these emails and the links they carry look legitimate; even the URLs shown when you hover over the links appear to come from legitimate sites, and an ‘HTTPS certificate’ is displayed when the URL redirects you to a login screen.
How to avoid password reset phishing mails?
Thus, cybercrooks may deceive you with all the signs of an authentic password reset mail and link. Security experts recommend practicing safety measures such as avoiding password reset mail messages no matter how genuine they look, even if they take you to a seemingly safe login site tagged with an ‘HTTPS certificate’. Go to the actual website and follow the normal password reset routine instead of using these shortcuts; otherwise you could be giving away your account credentials to cybercrooks.