With everyone talking about 'HeartBleed' – the major vulnerability in most website's encryption, many services will require users reset their passwords once they update their systems. This is often done via email – so hackers will have a field day sending fake password reset emails to users trying to capture their login credentials. The best thing you can do – unless you are 100% sure a link is legitimate is to go directly to the site and try to login. It will then prompt you to reset your password, or give you a link to do so. Be careful!

Sending a "Heartbleed" password reset email? Please don't include a login link!
We'd like to urge any of you who are thinking of sending out "heartbleed" password reset emails: *please avoid those login links*. Help us to help everyone get geared up to avoid phishing attack…