Has Your Password Expired? No, So Don’t Click that Link!

There’s a new phishing scam making the rounds, one that tricks you into clicking a link and turning over a lot of your sensitive information. This scam starts with a very official-looking email that says you must renew your password, but steals your data instead.

It might look like the message comes from your email provider, your Amazon account, your online banking account, or any other sensitive website, but there’s a good chance the email is a fake. Scammers use a tactic known as “spoofing” to make their email look genuine, but the link they provide for you is false. At best, you’re asked to turn over a lot of your identifying information, which could lead to identity theft. At worst, the link contains malicious software that downloads to your computer; then, it’s just a matter of sifting through your hard drive and your web browser history to steal identifying information and account access.

If you are ever told to change your password, there’s actually a chance that the request is legitimate.

Why? Because companies do find suspicious activity on their servers, which could be a sign that hackers have attempted to break in. Companies may actually tell their customers to go renew their passwords just to be on the safe side. However, those warnings usually tell you to go directly to the website rather than providing you with a link to click. Also, you can’t always know if that warning message is the real deal or the work of a scammer.

No matter how the message appears, instead of following the instructions, it’s best to go directly to your account through the verified website (NOT by clicking the included link) and change your password in the settings tab. That way, you’ll be one step ahead of any potential hacking activity, and you won’t have to worry about that ominous email. By handling the issue yourself, you’re securing your account and avoiding a scam at the same time.

It’s worth noting that most passwords don’t usually “expire,” but there are a few sites that require their customers to change their passwords every ninety days, for example. Those websites rarely email you when it’s time, though. They typically wait to inform you of the need to change your old password the next time you attempt to log in. To avoid falling into a scammer’s trap, simply use your better judgment, and never click a link that you weren’t expecting.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.