I did not request a password reset

Sure.  To help point you in the right direction, what is your question regarding?

I keep getting an email from customerservice@koodomobile.com  telling me how to reset my password and 

I did not request a password reset

I’m wondering if there is a system issue. I’ve been getting them too. Had 3 in the last 3 days. Definitely not initiated by me either. And having the same issue trying to contact Koodo.

There have been multiple reports of this. I believe this is a system glitch but let me flag a rep to confirm

I have a password that meets the above criteria yet I am still getting these messages to change my password. 

Once you change your password do you stop getting the emails?

I did not change my password. I do not want to, but if that’s the only way to stop this, then I shall.

I have not tried to change my password. It is a secure password that meets the guidelines. And although these emails look like a legitimate email, I’m not going to use one of them to actually do a reset and I won’t be able to tell whether I generate it or some other system is doing it.  I received another one today. The question is where are they coming from? I should not have to change my password to stop them. The email in question is supposedly coming from a request that I have made. I have not made the request so I won’t reset the password. In this time of multiple spams, it’s too easy to spoof emails.

When looking at the questions in the past, this is happening a lot. It’s something that Koodo should be investigating. Not me.

Since you said your password meets all the criteria, you should be able to change it back to your preferred password once again in the future.

@Darius Koodo 

@Dennis 

Hi, Darius and Dennis.

The problem PB2023 and others are having is that (in their opinions) their passwords meet the communicated requirements.  That’s all Koodo can ask of them.

The password page still does not list the “same 3 characters in a row” requirement (I did a web cache flush for Koodo domain June 13 morning and still don’t see it), but does enforce it as part of requirement #2, which cost me about a half hour of frustration since it was rejecting a password that met the stated requirements. 

This was made much, much worse with repeated emails stating “you have requested a password reset”, which was obviously not the case, instead of “your password is now considered weak and should be changed”.  There are at least 5 other similar Community Questions (topics?) where users are discussing whether all or some of the emails are a bug in the Koodo system, the result of phishing attempts against Koodo customers, or a persistent hacker attack against specific Koodo customers.  Some were trying to figure out why some users get few emails and others get a lot (I got 2, another user got 13).  I think a FAQ post stating this email is currently being sent incorrectly plus stating when the bug can be triggered would calm users down. 

As far as I can tell, changing your password does not help; it may even cause more messages to be sent if the new password fails some criteria or other.  I only started to get seriously spammed after I started taking the message seriously and changing my password, but again that’s just my perception and it may actually be caused by other factors.

I keep getting the same message! I have not requested a password change, and since there are no phone numbers to call on the Koodo site, I have refrained from calling. My password still works and I have no intention of changing it unless I absolutely have to. Is this a scam, as I suspect?

I keep getting the same message! I have not requested a password change, and since there are no phone numbers to call on the Koodo site, I have refrained from calling. My password still works and I have no intention of changing it unless I absolutely have to. Is this a scam, as I suspect?

I definitely don't recommend using links in emails for changing passwords. Always do it directly on the website.

How can you tell changing your password doesn't help? The only way to confirm this is to change your password and see if the emails stop. It seems like a simple test. If it doesnt work, just change your password back since it meets all the criteria anyways right? 

I can tell changing my password doesn’t help because I changed it several times, and the only thing I noticed was a marked increase in the spam emails being sent to me.

Okay, here’s what I’ve been able to find out:
(1) Various Koodo CSRs including @Darius Koodo  above and my callback CSR for this issue have said that Koodo has implemented new password requirements.
(2) There is nothing obvious in these emails which points to phish/scam.  I’ve gone through the email plaintext and the email comes from a Telus server, the parent company of Koodo,  and the links inside the email appear to all point to koodomobile.com pages.   It would take a Koodo or Telus sysadmin to go through their email logs to determine whether these are Koodo emails, or if you have a handy Internet email security specialist in your pocket you can have them analyze the server chain to see what they can determine.
(3) Calling *611 just tells you to use this website for support.  🙄   Not sure about the 866 number but I suspect it’ll do the same.
(4) My experience has been that the more you change your password either through the emails or online without using the emails the more emails you get.
(5) Using password change is not free of problems.  If you check @Darius Koodo above you will see that he lists requirement “no triple repeats of a character” (e.g. XXXTerminator2000).  When I tried to enter a password I discovered that it does not appear in the page text but is enforced.  Cost me about a half hour of annoyance uselessly trying to figure out why my passwords weren’t being accepted because item 2 was Xed out even though I had uppercase, lowercase, and numbers.
(6) This is not the only thread on this topic.  I’m not sure what search terms I used but I found at least 5 others with comments by Koodo users, all asking questions that nobody can answer yet, and speculating about bugs, phishing, scams, hack attempts, and so on.

Personally I have no recommendation on what to do.  Ignoring them appears to result in less frustration and would definitely negate risk if this is a phish/scam attempt. My guess is that this is simply a bug, and in a couple of days a dev will track down what went wrong and Koodo will publish a FAQ and/or send an email.

I got several of these emails a few months ago and changed my password the the site. Started receiving them again a few days ago and have 3 so far. I'm not able to do the callback to speak to someone due to my schedule, so can't report it or find it what is going on.

Has anyone actually spoken to someone about this? Does Koodo have a phishing email it can be forwarded to confirm if this is legit or not? Koodo doesn't seem too interested in looking into this, which makes me feel they don't take security too seriously.