OGS phishing mail?

Received the following mail:

Someone (hopefully you!) has requested a password reset for your online-go.com
account. To proceed, simply login with the following credentials:

Username: Atorrante

Well, that is not by my request.

Sent by ogs-notifications@online-go.com to my emailadress

Going to ignore this.


Does that mean you’ve made it? when you’re big enough to get scammers impersonating you?


It’s possible that someone could have requested it by mistake, maybe by a typo. Should be safe to ignore that, I think.

Yeah. Just ignore.

That’s the email you receive when when someone clicks “forgot my password” using your username (I would know, I’ve forgotten my password more than once :sweat_smile:).

It could have been anyone trying to access your account, or you yourself by mistake. Be it as it may, by not acceding with those credentials, your account remains intact and any ill attempt at hacking into your account is easily frustrated.

1 Like

Assuming the unencrypted email isn’t intercepted, of course.

1 Like

This is a type of fame I very well can do without.

If this is the official email you receive when you forgot your pass word, I suggest that OGS rephrases it. The wording is strange and incomplete.
Especially the phrase “hopefully you” without a suggestion what to do if it is NOT YOU is weird.

Are there more players who received this message?

I hope that @anoek will look into this.

1 Like

Anyone who clicks “forgot my password” and supplies any username which has an associated email address, that address will get this email.

The content is always the same, except of course for the username and password.

When I request a password reset anywhere, I usually get a reply with

  • a new password and instruction how to change it
  • a warning that if it was not me who requested the reset, I should not change the password and warn the website about this

The last kind of message is missing in the OGS notification. I suggest that an instruction about what to do when someone other than the account owner applies for a reset, is added to this particular OGS notification.


It’s also relatively common to provide a link to change your password, not the new password itself.


I would keep the “(hopefully you)” part, I like the friendly vibes it gives, and it can still be supplemented with instructions about what to do if it wasn’t you

1 Like

That looks official, yes I should probably revisit those emails (all of the ones we send out really). I haven’t touched them in about a decade. Like someone said above, someone probably tried the forgot password with your username.


Sending a link is risky. Nowadays companies often prefer that the customer goes to the website itself and resets it (logging in with the given password and then immediately having to change it). Following a link can lead you anywhere.

Edit: I just received the same email again, so I am tending to discard the “it is just an accident” and start to become convinced this is indeed phishing.
Well, I am not bhithing :smile:


Sure - sending passwords via email is risky too.

1 Like

I think the suggestion is that the fame accrues to OGS, not to you!

That is common enough and not bad (though sending a password seems risky), but sometimes one is also told something about the device involved in suspect activity, such as an IP address or approximate location. I think that would be an improvement.


Yes, that was my intent, but the sentiment works either way

That suggests to me that in order to reset your password you should need some information you enter when requesting a reset and some information in the e-mail. That means that having your e-mail intercepted does not place your account at risk.