Question
Are automated "Forgot Username" emails legitimate messages or indicators of phishing or account compromise?
Answer
Automated "Forgot Username" emails are legitimate messages generated by the platform's account-recovery (forgot username) feature when an email address is submitted to that workflow. These messages deliver the username associated with the provided email address.
Malicious actors can trigger these self-service username/password workflows using email addresses obtained from publicly accessible sources in order to collect or validate usernames and email addresses. These automated messages can be leveraged in broader phishing campaigns even though they originate from the recovery system.
Receiving an automated "Forgot Username" email does not, by itself, indicate that an account password has been directly compromised. The service does not request login credentials via phone, email, or SMS. Unsolicited voice calls or messages asking for account credentials are phishing or vishing attempts, not legitimate password-reset procedures.
Organizations may treat unexpected recovery emails as potential phishing indicators and may choose to monitor for suspicious messages and to educate users not to follow links or open attachments in unsolicited messages, to access the portal only via bookmarked URLs, and to remain alert to phishing, vishing (voice), and smishing (SMS) scams.
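One way to implement the monitoring mentioned above, as an added example that is not part of the original answer or the platform's own tooling: it scans mail-gateway records for a burst of "Forgot Username" messages reaching several distinct mailboxes within a short window, the pattern left when harvested addresses are submitted to the recovery workflow in bulk. The record layout, subject text, domains, window and threshold are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample mail-gateway records (not real data):
# (received time, recipient, sender domain, subject). All values are placeholders.
SAMPLE_LOG = [
    ("2024-05-01T09:00:05", "alice@example.org", "portal.example", "Forgot Username"),
    ("2024-05-01T09:01:10", "bob@example.org", "portal.example", "Forgot Username"),
    ("2024-05-01T09:02:30", "carol@example.org", "portal.example", "Forgot Username"),
    ("2024-05-01T09:03:00", "Alice@example.org", "portal.example", "Forgot Username"),
    ("2024-05-01T09:04:00", "dave@example.org", "news.example", "Weekly newsletter"),
    ("2024-05-01T14:30:00", "erin@example.org", "portal.example", "Forgot Username"),
]


def find_recovery_bursts(records, subject_marker="forgot username",
                         window=timedelta(minutes=10), min_recipients=3):
    """Return (first_seen, last_seen, recipients) for each burst of recovery mail.

    A burst is a run of matching messages, all within `window` of the first
    one, that reaches at least `min_recipients` distinct mailboxes. A single
    recovery email to one user is not reported.
    """
    hits = sorted(
        (datetime.fromisoformat(ts), rcpt.lower())
        for ts, rcpt, _sender, subject in records
        if subject_marker in subject.lower()
    )
    bursts = []
    i = 0
    while i < len(hits):
        # Extend j over every hit that falls inside the window opened by hits[i].
        j = i
        while j < len(hits) and hits[j][0] - hits[i][0] <= window:
            j += 1
        recipients = sorted({rcpt for _, rcpt in hits[i:j]})
        if len(recipients) >= min_recipients:
            bursts.append((hits[i][0], hits[j - 1][0], recipients))
            i = j  # continue after the burst that was just reported
        else:
            i += 1
    return bursts


if __name__ == "__main__":
    for first, last, recipients in find_recovery_bursts(SAMPLE_LOG):
        print(f"{first} to {last}: {len(recipients)} mailboxes: {', '.join(recipients)}")
```
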