Password Reset Emails For Accounts You Don't Have

It begins with a single email. A password reset request for an account you do not have. A login alert from a city you have not been to. A verification code for a service you have not used. The platform's instruction: ignore it if you did not request it; if it repeats, change your master password. The site does not disagree with that. The site adds that the pattern is older than the platform, and that the older grammar reads the repeated false letter as a form of reconnaissance.

The Malleus describes the false invitation: a letter delivered to the marked household purporting to be from a neighbour, intended not to be answered but to be opened — the opening itself being the operation. The modern false email is the same shape. The opening of the email, the click on the “not me” button, the entry of the password to verify identity — each is, in the older grammar, a step across the threshold.

The principle in the old books

“The witch who cannot enter the door directly sends a false letter, that the householder may open it of his own hand and so consent.”Malleus Maleficarum, 1487, Part II, on the false invitation

“Penemue taught the writing of letters and the sealing of them, and from his teaching came the writing of letters that were not what they claimed to be.”Book of Enoch, Chapter LXIX, the fallen Watcher of writing

“Mammon, prince of greed, does his office through the click that promises and the field that asks for the small detail offered without thinking.”Site's reading of the Binsfeld classification of the Seven Princes, 1589

The modern translation

The password-reset-for-an-account-you-don’t-have is the modern dress of the false letter. In 1487, the false letter sought to be opened. In 2026, the false email seeks to be acted upon — the click of “not me,” the entry of the existing password to verify identity, the visit to the suspicious link. The pattern is identical. The protection is identical.

The site notes one specific pattern that escalates the matter. The same address receiving multiple false-letter emails across multiple services in a short window is not noise; it is the gathering. The attacker is testing which services your address is registered with, and which credentials may have been leaked. The medieval householder, receiving three false letters in a week from different supposed neighbours, would have known the household was under attack. The modern reader should know the same.

The protections, in order

1. Do not click anything in the email. Not the “not me” link. Not the unsubscribe. The click is the opening. The opening is the operation.
2. Open a fresh browser window. Type the service’s URL by hand. Log in directly. If you have an account, change the password. If you do not, you have learned what you needed: someone tried to register you.
3. Enable two-factor authentication on every account that matters. Email, banking, the primary social, the cloud storage. The medieval doubling-of-the-lock translates directly.
4. Rotate the master email password and the bank password. Do this once, deliberately. The medieval rule on a series of breaches: change the locks on the doors that matter, not on every door.
5. Check the leak database. Have-I-Been-Pwned, the Apple/Google built-in checks. If your address appears in a leak, the pattern of false letters has its source.
6. Bless the device. Salt and a drop of blessed water on the case; a brief prayer to Michael; forty days of attention to which links are clicked and which are not.

The diagnostic threshold

The standing rule: one indicator is to be noticed; two is “pay attention”; three or more is the threshold of action. Where the threshold is crossed, do not delay until morning — apply the protection in the same hour you notice the third indicator.

• You have received password-reset or verification emails for services you do not use, in the last seven days
• You have received a login-from-new-device alert for an account you did not log into
• The pattern is across multiple services, not a single one
• The emails are well-crafted — not obvious phishing — and would have been clickable in a tired moment
• You have noticed unfamiliar charges, missing emails, or new connected devices on one of your accounts

Common questions

Is this a spiritual matter or just a security matter?

The site holds it is both. The security matter requires the security response — the password rotation, the two-factor, the leak check. The spiritual matter requires the protection of the threshold — the prayer, the discipline of not clicking, the awareness that the false letter is an older category. Neither response is sufficient alone.

What if I already clicked?

The standing remedy for the first yielding: change the password of the account that you clicked from, run a virus scan if a download happened, and apply the older protection in addition — salt the device, pray Michael, forty days of attention. The bond formed by the click loosens by the end of the forty days.

Why Mammon?

The site's reading of the Seven Princes assigns Mammon the office of greed in its modern dress — not only the desire for money, but the small reflexive click on the offered thing. The phishing email's design exploits Mammon's office; the prayer against Mammon is the prayer against the unconsidered click.

Related vectors in this cluster