Sunday, February 8, 2009

Google Password Assistance email - training phishing targets?

At first I assumed the email below was a phishing attempt, but after spending a few more seconds thinking about it, it looks legit.

Legit, but bad practice. I had not initiated a password reset, so something is wrong with the way Google are crafting the email below.

If someone else is trying to reset my password, they should let me know in this email somewhere.

I haven't logged into this account directly in a while, so even if the reset email is a preemptive one to help me get back in they shouldn't be putting an active link for me to click. That's just training me to be phished. Instead tell me to type their site name into my address bar manually.

Let me know if I've got it wrong! Comments are wide open.

PS: Yes, I've changed some links from their original state to protect the innocent (me!).

---------- Forwarded message ----------
From: <>
Date: Thu, Feb 5, 2009 at 9:24 PM
Subject: Google Password Assistance
To: Andrew's Other Email Account

To initiate the process for resetting the password for your Google Account, visit the link below

If clicking the link above does not work, copy and paste the URL in a
new browser window instead.

Thank you for using Google.

For questions or concerns regarding your account, please visit the
Google Accounts FAQ at

This is a post-only mailing.  Replies to this message are not monitored
or answered.

No comments: