I just received an email purportedly from Marriott telling me a number of accounts had been breached although mine was not one of them (if it was from Marriott, that's sure to make a serious person suspicious). It told me to change my password. I did not click on the link, but closed that browser and opened up a different browser and indicated I'd forgotten my password so that I could change it. Once on Firefox (having not clicked through on Safari), it seemed to know nothing of what I assume was a phishing attempt because it led me through several steps asking me if I wanted my hint, etc., not indicating any level of fraud.
Can Marriott confirm this was a phishing attempt? Here is the message I got. If this was not phishing, why when I opened separately in a different browser did security not immediately let me pick a new password rather than 'helping' me remember my old one:
Marriott Rewards <Marriott@marriott-email.com>
August 5, 2013
Dear Marriott Rewards Member,
The security of your Marriott Rewards® account is of the utmost importance to us. There have been recent attempts to gain unauthorized access to a small number of members' online accounts. Although your account was not included in these attempts, as a precaution, we are requesting you to visit Marriott.com and change your password as soon as possible to assist us in ensuring the security of your account.
As of August 8th, 2013 you will not be able to access your online account from your mobile device until you have changed your password. Please change your password on Marriott.com from your desktop; updates cannot be made on Marriott mobile applications.
1. To change your password log into My Account on Marriott.com, visit your Profile page and select "Change Password".
2. Select a unique password, at least eight characters long, that is not used with any other online account you may have.
3. Security experts urge that a more secure password contains at least one number.
Our Data Privacy and Protection team has been working diligently to implement safeguards to block these attempts and maintain the ongoing security of all member accounts.
These types of online attacks become possible when individuals use the same email address and password combination for multiple online accounts. The email address and password combination becomes more susceptible to being collected via external sources and then used in an attempt to gain unauthorized access to other online accounts, such as your Marriott Rewards account.
If you have any questions, please call Marriott Rewards Guest Services at 855-501-6802 for assistance.
We take this matter very seriously as we have a long-standing commitment to protect the privacy of the personal information that our guests entrust to us. Thank you for your prompt attention to this important notice.
Marriott Rewards Guest Services
This email was sent to you by Marriott International, Inc. based on a past or present relationship with Marriott.
You may receive customer service notifications even if you have unsubscribed from Marriott promotional email.
Marriott- Internet Customer Care
1818 North 90 Street
Omaha, NE 68114-1315 USA
©2013 Marriott International, Inc.