Why Won’t Macy’s Tell Me If Password Reset Email Is Legit Or Not?

Image courtesy of kaleidoscopist

Someone (either Macy’s or perhaps a mysterious third-party) is confusing shoppers by blasting out emails telling them to either change their Macy’s passwords… or just ignore the email altogether because maybe they don’t have an account and shouldn’t be worried.

Consumerist reader Sonya is one of many people who received this password-reset email from Macy’s, but can’t get the retailer to vouch for the email’s authenticity.

“Macy’s has a weird problem going on and they can’t seem to tell me if this email I received is from them or not,” she writes, of a message sent from an address that appears to be related to Macy’s customer service, letting her know that she should reset her account password.

When she reached out to Macy’s customer service directly, to ask whether or not the email was authentic and if she should reset her password, she says a representative didn’t confirm whether Macy’s had sent the message she asked about specifically, but just told her to ignore any emails she gets about resetting her password if she doesn’t have an account — which she does:

“In the event that you receive an email about resetting your password, but you do not have an account with us, please disregard the email as it is just a system generated email that was sent to all our valued customers.”

She’s not alone, either: Many people have been posting on Macy’s Facebook page in recent weeks, including some who don’t have a Macy’s account in the first place.

“I keep receiving emails to UPDATE my Macy’s password,” said one commenter. “I don’t have an account with Macy’s. Would Macy’s send me such an email?”

“Please have someone address whether Macy’s will typically send out emails telling you that you need to re-set your password,” one person wrote. “I have rarely used my macy’s card or online shopping and have rec’d two of these lately. I don’t know if they’re legitimate so I have ignored. I tried to find some information on the macy’s website but came up with nothing. It would be nice if they’d post a blurb to their website addressing this, I can’t be the only one experiencing this!”

“I get an email like this every day,” another Facebook user posted. “It is a nuisance because I don’t have a Macy’s login. If Macy’s is sending me these, please stop. If it is phishing, please let meet know how I can report it.”

“I don’t have a Macy’s credit card (and have never ordered from Macys.com), I’m not clicking a link from an unsolicited email and can’t find relevant contact info on your website without logging in – how do I address this with your site security team?” another Facebook user posted months ago.

Others have had issues when they actually attempt to reset their passwords.

“I just received an email saying my account was locked and that I needed to reset it for security reasons. I didn’t trust it so I went online and reset my password through the regular site… still says I am locked,” a customer noted. “I called customer service who had no idea what I was talking about. They transferred me to technical who put me on hold for 10 minutes then hug up on me. Is there a security breach? How do I reset my password? Should I trust that email?”

While Macy’s did reply to some customers on Facebook, saying the team would investigate the issue, the company doesn’t appear to have verified the authenticity of the email, simply telling some people again, that if they don’t have an account, they can ignore any emails they get from Macy’s.

However, a company spokesman did confirm to Consumerist that Macy’s system has not been compromised, and said he would look into the issue of the mysterious emails.

On Macy’s fraud alert page — which appears to have been updated last in 2013 — the company notes some fraudulent solicitations customers may encounter; however, this email is not included on that list.

In the meantime, if you’re unsure whether an email is coming from a company you have an account with or if it’s a spammer trying to get information from you, avoid clicking any links included in the message, and instead go directly to the company’s website to reset your password.

Want more stories from Consumerist? We’re a non-profit! You can get more stories like this in our twice weekly ad-free newsletter! Click here to sign up.