Why did I get a password reminder I didn't ask for?

Home » EMail

Summary: A password reminder that isn't expected can be startling. An unexpected password reminder could be due to many things. The best thing is to ignore it.

It's kinda spooky when that happens, but happen it does. It's particularly unnerving when the password reminder is "correct" - meaning that it's reminding you of your correct password. That tells us something, but for the most part what to do next is usually the same regardless.

•

Since the reminder included your actual password, you know it's real. In your case, it's a real password reminder generated from AOL in response to someone asking for it. Had it not had your correct password, I would have immediately assumed it was nothing more than a phishing attempt.

I can think of several ways this might happen:

• Someone entered your email address on an AOL password reminder form. I'm not really sure why they would do this intentionally, unless they thought that the password would be displayed instead of emailed. Password reminders are safe explicitly because they're emailed to the account owner - only someone with access to the account would be able to get the reminder. More likely is that someone mistyped their own email address, and entered yours by mistake.

• If you've registered on a bulletin board, mailing list or a discussion group, you'll usually need to provide a valid email address for activation. That same email address is used to send you your password reminder should you ask for it. Same scenario as above, most likely someone might mistype their registration name, typing yours instead, and any password reminder would get sent to you instead of them.

• "My money is on someone mistyping or misremembering their own account or email name, and entering yours by mistake."

  Some mailing list software, a package called "mailman" in particular, is configured to send out monthly password reminders by default. If you're on a mailman-hosted mailing list, this might be the cause.

• There's a small possibility that a web crawler or spider is hitting all links on various web pages, and one of those happened to be a password reminder link with your account. Conceivable, but highly unlikely.

My money is on someone mistyping or misremembering their own account or email name, and entering yours by mistake.

Real or phishing, the next step for you to take is actually quite simple.

Delete the mail.

Don't click on any links in it, don't act on it, just delete it. Whoever requested your password - regardless of their intention - did not get it. You did.

If you are particularly concerned, you might consider changing the password on that account as a precautionary measure.

And finally, let's be clear: this isn't about getting access to your computer, this is about your email or other account on-line. Passwords on and to your computer are not dealt with via email.

Related:

• Ask Leo! - Phishing? What's Phishing?

• Ask Leo! - Internet Safety: How do I keep my computer safe on the internet?

Article 10450 | Posted June 24, 2006