Did any of you get an e-mail that stated a password reset was needed?

I did the reset, but then I could not get logged in.

I had to do a another password reset here to get back online to this site.

Kind of strange.....

But at least the pop-up ads have gone away!!!

:)

C-5277

Email requesting a password reset? Whenever I see one of those I instantly think it's a Phishing scam.

That is a possibility.

Here is the e-mail received:


----- Original Message -----
From: "WordPress" <wordpress@gm-volt.com>
To: <>
Sent: Wednesday, June 13, 2012 11:44 AM
Subject: [GM-VOLT : Chevy Volt Electric Car Site] Emergency Password Reset


> ALERT: The admin of GM-VOLT : Chevy Volt Electric Car Site requires that you reset the password for the following account:
>
> http://gm-volt.com
>
> Username: Jim I
>
> You must reset your password before you can log back in. To reset your password, visit the following address:
>
> <http://gm-volt.com/wp-login.php?action=rp&key=xWongNpVZCzOSLOWKuUX&login=Jim%20I>
>
>
>

Hmm...that link looks legit. LOL

Jim I:

You may have just given your password to someone with malicious intent; in your shoes I would assume your account has been taken over by someone else, unless and until you can confirm you still have control of it.

If it were me and I still had control of my account, I would immediately change my password to something completely different.

If you no longer control your account, let one of the site's moderators know ASAP. Since the malicious party presumably now has your password, I would also change the password if you use the same one on any other sites, especially banking/e-commerce sites (and for the love of God, don't post any of those details here!).

Edit: Also, if you use the same password for anything on your computer (ie. to log into your computer, or to change settings), change it IMMEDIATELY or the perp may be able to control your computer as well.

Hope I'm wrong, but every 'emergency password reset' email I've ever seen or heard of was definitely an attempt to steal the password and take control of someone else's account.

You can usually tell if the link in an e-mail is valid or not by hovering over it and looking to see if the URL matches the text. The safest thing to do is to NEVER click on a link in an e-mail. If you think the e-mail is valid, go to the website by typing the URL into your browser, not by clicking on the link in the e-mail. That way you control which website you go to, rather than the person who sent the e-mail.

My view is that no legit website should send E-mail asking a user to changed a password. Kinda like financial institutions should never ask for any personal information view E-mail.

I got the same email and changed my password but now I'm suspicious. I logged out of GM-Volt and logged back in using my old password and it worked so not sure what's going on. My new password did not work.

That should have given you the answer. You just gave someone your password. I would suggest you change it NOW on any site you use this password.

That should have given you the answer. You just gave someone your password. I would suggest you change it NOW on any site you use this password.

It was a unique password that I don't use anywhere else so I should be ok. Has there been any official comment from the blog host yet about the email?

I can assure you that the email was a scam to get your password.

Many people use the same password or a variant (different person's name) for many accounts. The crooks have already tried to get into your bank account. I hope it has an entirely different password.

Then there is Amazon that permanently keeps your credit card info. They sell some expensive and resellable stuff.

There are actually web sites that sell ID information to the highest bidder.

Check all your accounts and change the passwords. If you were already ripped off, you have a lot of rights with credit card purchases, some rights with debit card and online banking transactions. All these refund rights are strictly time limited, so contact vendors immediately about any unauthorized purchases and follow up by certified mail.

Don't be embarrassed or shamed by the vendor into paying anyway. Banks should require additional authentication when a different computer logs on and stores should not retain credit card info. If they have low security, they can pay for it.

I have gotten this request multiple times now.

Can we get an official response from the forum administrators about this?

Assuming that this is not real, they have someone using their site to phish. I'd think they would want to know about that and plug up the hole.

I received another email today as well.

All the issues we were having with the site ( wordpress) was because the site was hacked, so we had to re-set the word press passwords, as to ensure it did not happen again.

There was a blog post about this.

So if you can change your password that would be great.

Luckily, financial institutions have a different standard when it comes to security. Even if an attacker has your password, they may not be able to get in without answering several security questions. That's because most banks and financial institutions use cookies and some keep a database of the subnets they are accessed with so they know if somebody is trying to access an account from a different computer.

If they can get into your Amazon account, you still might be ok because they don't save the cvv code from the back of the credit cards and require you to enter that portion manually each time. Nothing is perfect, but people out there ARE trying to protect you from crooks.

All the issues we were having with the site ( wordpress) was because the site was hacked, so we had to re-set the word press passwords, as to ensure it did not happen again.

There was a blog post about this.

So if you can change your password that would be great.

Please provide a link to this blog post. I would like to learn more about this beore I reset anything.