Many years ago I had signed up for a rewards account at GameStop. I let that membership lapse, but apparently I still have an account. I recently awoke to a strange email in my inbox indicating that I had requested a password change. This was odd since I hadn’t access that account it years.
What really caught my eye was that the message arrived at 2:41 AM while I was sound asleep.
I checked the body of the message for signs of phishing forgery. The senders address looked real and the hyperlink pointed to GameStop’s website.
This was a legitimate email from GameStop in response to a password change request, meaning that someone had attempted gain access to my account – and, perhaps, they succeeded.
I went directly to the GameStop website and attempted to login. Either my password had been changed (or I forgot it) so I went through the change request to regain access to my account using a unique strong password. GameStop prompted me for additional verification and my access was restored.
The moral of the story is to be vigilant. Periodically scan your inboxes for message that might indicate someone is trying to compromise your account.
A GameStop rewards account may not seem like a big deal compared to your bank account, but one successful compromise can serve as an on-ramp for hackers to gain access to your more sensitive accounts.
Here are a few tips to protect your online accounts:
- Change your passwords if you suspect an account was targeted or compromised
- Delete old accounts that are no longer in use
- Avoid using the same passwords on multiple accounts
- Use a password manager
- Turn on two factor authentication where available
