[stoneage]

I got this email in my Junk mail box.I don't remember asking for any help in resetting my password, so I'm wondering if this is spam or real.

[64stang06]

It's legit.

[besson3c]

There is no way you can tell whether or not it is legit without looking at the full headers, specifically the envelope information. It is trivially easy to forge email headers.

Can you post the email with full headers attached?

[analogika]

Either somebody was trying to use access your account online, or somebody is trying to get your account data from you.

[richwig83]

Dont do it!!!!!!!!!!!!

[64stang06]

Well lets see. https://iforgot.apple.com/cgi-bin/We...iForgot.woa/wa takes you to the reset password/forgot password page for your Apple ID. And if this poster has his email address used as his Apple ID (iTunes, Apple Store online purchases, etc), it's possible that someone tried to hack his account without him knowing it.

I just tried this and it gives me 2 options: reset password by sending you an email link (which this OP has received) or reset by entering secret questions.

I suggest others do some research like I did before jumping to conclusions.

[besson3c]

Originally Posted by 64stang06 

Well lets see. https://iforgot.apple.com/cgi-bin/We...iForgot.woa/wa takes you to the reset password/forgot password page for your Apple ID. And if this poster has his email address used as his Apple ID (iTunes, Apple Store online purchases, etc), it's possible that someone tried to hack his account without him knowing it.

I just tried this and it gives me 2 options: reset password by sending you an email link (which this OP has received) or reset by entering secret questions.

I suggest others do some research like I did before jumping to conclusions.

And how do you know that the message isn't HTML formatted and the URL displayed is false? This is how phishing emails often work. If you have not checked the source of the email and the envelope information of the email, your research is incomplete.

[TETENAL]

If you didn't ask to have the password reset, then don't reset the password. Seems quite simple to me. It doesn't matter whether the e-mail is legit or not.

[64stang06]

Because the email I received to reset my password was formatted EXACTLY like the OP, [email protected] as the sender. I'm not saying the links are legit, I was simply stating the email was from a legit source. Obviously, if he/she didn't know where it came from, they should not click the link.

[besson3c]

Originally Posted by 64stang06 

Because the email I received to reset my password was formatted EXACTLY like the OP, [email protected] as the sender. I'm not saying the links are legit, I was simply stating the email was from a legit source. Obviously, if he/she didn't know where it came from, they should not click the link.

I could forge an identical email with the same header information in about 2 minutes. The from address being reported is meaningless, which is why you need to look at the envelope information.

[Big Mac]

2 minutes? Try 20 seconds.

[besson3c]

Originally Posted by Big Mac 

2 minutes? Try 20 seconds.

Exactly! The extra time I've allocated is for installing your own MTA so that you don't leave a trace of this email in your ISP's SMTP/mail logs

[64stang06]

Lol, ok ok, I see the point

[Chuckit]

Best advice: If you weren't specifically expecting an e-mail, don't click a link in it. That's how you get phished. Make sure the address looks all right and type it into the browser window yourself if you want to visit the page.

[besson3c]

I also recommend putting your mouse over each link to see if where the link actually directs you to matches the domain of the reported sender, and always check the envelope address(es) to ensure that the email actually originated from that network by viewing full headers for that email. These checks should only take a few seconds.

Just some generic email security tips.

[analogika]

Originally Posted by besson3c 

I also recommend putting your mouse over each link to see if where the link actually directs you to matches the domain of the reported sender

That doesn't really help the layman at all if the address is

eBay - Page Not Found

which is what an awful lot of phishing links are.

Edit: Oh **** it. Mouse over the link to see what I mean.

[besson3c]

True...

The best form of investigation would be to check the envelope information, because chances are a fraudulent email did not originate from inside the network being spoofed. If it did, all bets are off.

[dn15]

Another possibility is that it's legit, but someone with an address very similar to yours was screwing up and couldn't log in and requested the reset, not realizing they had the wrong address. I get the occasional registration confirmation message for random sites at my Gmail address even though I never did it. Some chump out there thinks my address is theirs from time to time, or makes frequent typos. Unfortunately, since I don't know what their correct address is, I can't write and let them know that they're doing this.

[50leaves.com]

Originally Posted by stoneage 

I got this email in my Junk mail box.I don't remember asking for any help in resetting my password, so I'm wondering if this is spam or real.

I personally doubt its real, but put your mouse cursor over the link for like 5-10 seconds and it will show the real url. whats the real url point to?

[TETENAL]

Originally Posted by dn15 

Another possibility is that it's legit, but someone with an address very similar to yours was screwing up and couldn't log in and requested the reset, not realizing they had the wrong address.

I already mentioned this, but somehow the geeks got caught in trying to figure out whether its real or not and are not realizing that it simply doesn't matter.