You are here

Watch out for ‘Heartbleed’ password reset phishing emails

11th April 2014

Security experts are warning people to look out for phishing attacks, disguised as password reset emails in the wake of the recent ‘Heartbleed’ bug.

Watch out for ‘Heartbleed’ password reset phishing emails |desc=|link=none|align=right|width=200|height=200]The Heartbleed bug gives hackers the opportunity to spy upon what should have been private communications, and steal private information such as email addresses and passwords.

Some of the affected websites and services have already taken action and patched their systems. 

Security experts’ advice is to only change passwords on websites which have confirmed they have fixed the Heartbleed flaw. Anything else could actually be increasing the chances of your private information being taken.

Beware of phishing emails

Fraudsters are opportunistic and know that people may be worried about the recent Heartbleed flaw and could spam out a phishing attack disguised as a legitimate email from a web service asking users to reset their passwords.

Be suspicious of any unsolicited emails you receive, even if they are from companies you are familiar with, if they ask you to click on a link inside the email to reset your password rather than ask you to visit the website manually and login there instead.

For further information please visit the Hotforsecurity website.

Please note that Action Fraud is not responsible for the content of external websites.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.

Related link

'Heartbleed' flaw on the internet threatens user data