Password reset request e-mails look a bit suspicious

I found in my e-mail this legitimate password request:

I spent several minutes going over the links and the source of the e-mail and talking with another dev forum member because this looked like some kind of phish attempt. Here’s why I thought it was a phish:

  • The subject is “Roblox Account Password Reset”. Since I don’t receive these very often, it was alarming to see this subject line in my inbox, and it made me believe my account had been stolen, as the subject line does not specify a request. Sure, the body says it is a request, but when I opened the e-mail I was spooked and missed it.

  • The “Roblox account” is my e-mail; phishing letters tend to explain things poorly in an attempt to confuse people into doing whatever they ask, which is why the mismatch in types was suspicious.

  • The time limit. Phishing attempts often include time limits to pressure people into doing whatever they ask.

Hopefully these parts of the password reset request e-mails can be tuned to improve clarity.

5 Likes

It could be what they warned about in the Discord.

See screenshots below:

2 Likes

Yeah that looks pretty sketchy. I haven’t seen one yet but thanks for letting us know. I’ll be on the lookout for one.

1 Like

@Starception @CheetahSp33d I reviewed the email with OP and it is legit. Roblox just doesn’t do a very good job of presenting the information in a way that avoids setting off red flags, e.g.:

  • “Roblox Password Reset Request” (option to reset password) vs “Roblox Password Reset” (raise the alarms your password has been changed)
  • Account being an email instead of username (maybe a bug?)
  • Stated time limit (should be omitted and going to an invalid password reset link should just show “link is invalid or expired” on the website)

7 Likes