Twitter Password Reset Email Not Necessarily Phishing But Decidedly Clueless


In an effort to clean up after a phishing attack on Twitter, Twitter is flagging some accounts as “possibly compromised”, proactively disabling the current password for each such account, and sending a “Please change your twitter password” email which asks you to “please create a new password by opening this link”. While we give them a great deal of credit for being so proactive, the irony is that the email Twitter is sending looks just like the phishing efforts that led to this problem in the first place! So, if you get a “Please change your twitter password” email, what should you do? Read on.

The resemblance of Twitter’s email to phishing begins right out of the gate, with the subject line, which asks “Please change your twitter password”. Now, the wary user would think “Why is Twitter sending this to me, and if it really *is* Twitter, wouldn’t they capitalize the name of their own company? Wouldn’t they use “Twitter” instead of “twitter” when they talk about themselves?”

You see? Right away it looks like phishing. And it goes downhill from there – here is the text of the email:

From: twitter-resetpwnotice-test=example.com@postmaster.twitter.com
Subject: Please change your twitter password
Date: March 17, 2010 4:24:07 PM MDT
To: test@example.com
Reply-To: noreply@postmaster.twitter.com

Hey there.


Due to concern that your account may have been compromised in a phishing attack that took place off-Twitter, your password was reset. Please create a new password by opening this link in your browser:
http://twitter.com/account/password_reset?email=test@example.com&token=d675bbc86989c0cdc484ea0a92af514e

This will reset your password. Remember to choose a strong password that is a combination of letters, numbers, and symbols. Do not reuse your old password.

As a reminder, you should be extraordinarily suspicious of any third party that offers to artificially inflate your follower count. We do not endorse any of these sites.

Please make sure to:

Scan your computers for viruses / malware, especially if unauthorized tweets continue to be posted in your accounts even after you’ve changed the password.
Check the Connections page at http://twitter.com/account/connections and revoke the access privileges of any third party applications that you do not recognize.
Avoid providing your username and/or e-mail and password to untrusted third-party sites.
Remove any updates that you did not post personally.
You can also visit our help page for hacked or compromised accounts

The Twitter Team
Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.

Unfortunately, once you’ve decided to take the chance that this is a legitimate password request, and clicked on the link, it takes you to a page which immediately gives you this message at the top, which certainly doesn’t reassure that this is a legitimate request from Twitter, and not a phishing attempt:

[Screenshot: twitter-forgot-your-password-cant-verify-user]

If you do type in your Twitter account name (and we recommend typing in your Twitter account name, not your email address, as if it were phishing, giving them your email address would be a Bad Thing), you will then see this page, and receive the email that follows:

[Screenshot: twitter-password-reset-instructions-on-way]

From: twitter-resetpw-test=example.com@postmaster.twitter.com
Subject: Reset your Twitter password
Date: March 18, 2010 7:46:48 AM MDT
To: test@example.com
Reply-To: noreply@postmaster.twitter.com

Can’t remember your password, huh? It happens to the best of us.

[Editor note: Hey! I didn’t forget my password! You disabled it! How dare you accuse me of a lapse in memory?]

Please click on the link below or copy and paste the URL into your browser:
http://twitter.com/account/password_reset?email=test@example.com&token=2e79118943bc8eb0430bb66a6d239b26-1268920007-false

This will reset your password. You can then login and change it to something you’ll remember.

The Twitter Team
Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.

 

Once hitting the password reset link, and typing in your new password, you will be taken to this page:

[Screenshot: twitter-password-reset-success]

So, all this said, how can you distinguish the good guys from the bad guys? How can you be sure whether it really is Twitter asking you to reset your password, or someone trying to scam your password from you?

In this case, if you don’t have a Twitter account at all, obviously it’s phishing.

If you have just one Twitter account, the best thing to do is to ignore the email itself, and go log into your Twitter account. If you can get in just fine, it was almost certainly phishing.

But, if you can’t log into your Twitter account, because the password has been disabled, then when you type in your old password – because it’s now the wrong password – you will be taken to this page, which has the “forgot your password” link:

[Screenshot: twitter-password-forget-arrow]

Click on that “Forgot?” and the next screen allows you to enter your Twitter username (or the associated email address), at which point Twitter will email a new password reset link to your email address.

[Screenshot: twitter-recover-password]

Now, what if you have more than one Twitter account? Do you need to try to log into each and every one to determine whether Twitter really did disable your password for one of your accounts?

No, you don’t – by looking at the “To” line in the email you received (in our example above, it’s “To: test@example.com”) you can determine to which account the notice was sent. Twitter lets an email address be associated with only one Twitter account, and we know that test@example.com belongs to just one of ours, so we know which Twitter account needs the password reset.

By checking whether you really do need to reset your Twitter password, and, if you do need to reset your password, doing it this way, through the Twitter site, you can virtually assure (no pun intended) that you are genuinely working with Twitter, and not some phisher.
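The checks the article walks through (sender domain, lowercase brand name in the subject, where the link really points, and which account the “To” line identifies) as a small triage script. This is an added example, not code from the article or from Twitter; the sample message is constructed to mirror the notice quoted above, and the brand-to-domain mapping and the last-two-labels domain heuristic are assumptions.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the notice quoted in the article (example.com placeholders).
SAMPLE_NOTICE = """\
From: twitter-resetpwnotice-test=example.com@postmaster.twitter.com
Subject: Please change your twitter password
To: test@example.com
Reply-To: noreply@postmaster.twitter.com

Due to concern that your account may have been compromised, your password was reset.
Please create a new password by opening this link in your browser:
http://twitter.com/account/password_reset?email=test@example.com&token=d675bbc86989c0cdc484ea0a92af514e
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registered_domain(host: str) -> str:
    """Last two DNS labels: postmaster.twitter.com -> twitter.com (heuristic, no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage(raw: str, brand: str = "Twitter") -> dict:
    """Summarise the headers and links a reader should check before trusting a reset notice."""
    msg = email.message_from_string(raw)
    expected = brand.lower() + ".com"          # assumed: the brand's primary domain
    subject = msg.get("Subject", "")
    _, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    links = URL_RE.findall(msg.get_payload())
    warnings = []
    if registered_domain(sender.rsplit("@", 1)[-1]) != expected:
        warnings.append(f"sender domain is not {expected}: {sender}")
    if brand.lower() in subject and brand not in subject:
        warnings.append("brand name is not capitalised in the subject")
    for link in links:
        parsed = urlparse(link)
        if registered_domain(parsed.hostname or "") != expected:
            warnings.append(f"link points outside {expected}: {parsed.hostname}")
        elif "token=" in parsed.query:
            warnings.append("link carries a reset token; safer to use the site's own Forgot? flow")
    # The To: line is what tells you which of your accounts the notice concerns.
    return {"account_address": recipient, "links": links, "warnings": warnings}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_NOTICE).items():
        print(f"{key}: {value}")
```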

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

2 thoughts on “Twitter Password Reset Email Not Necessarily Phishing But Decidedly Clueless”

  1. I actually have forgotten my password. I accidentally logged off, thinking I’d placed the password somewhere safe. Every time I go to the Forgot Password, I enter my email address, but, never receive a reset email. Not sure what to do. My account was hacked a few years ago.

  2. Great post, Anne. I received this email tonight and wondered many of the same things you did. Thanks for reminding me of the “Forgot” link on the login page. You removed all the risk, while getting my account back up and running. Much appreciated!
