I got the note. I dont know who or what to believe or trust anymore.
How can you know someone has not hacked mail and built a dummy site to capture passwords?
Call me paranoid. We have separate computers here in the office that we keep all our company financial and personal data on as well as that of our doctor clients and their patients but they are not connected to the internet. Limits what we are able to do sometimes but we work around it. I am amazed at the number of patients who send us new credit card information via email including the security code on the back of the card.
All you can do is hope. If you're technically oriented, you can check the domain you're sent to, maybe do a WHOIS lookup, find out who does their DNS, etc. Even Windows machines still have the venerable "nslookup" program for checking DNS.
“How can you know someone has not hacked mail and built a dummy site to capture passwords?”
That part is easy, at least as I read the message - first assume the message is fraudulent, so never click on the provided links. Then log on to Carbonite the usual way (as if you never got the message), then change the password the normal way (again, as if the message never came).
It’s like getting a credit card warning by E-Mail, or even Snail Mail - if you think it’s legit, you look at the phone number on the back of the credit card, call them, and tell them you got an E-Mail regarding (whatever).
Never ever click on a link embedded in an email even if the email looks legitimate. Instead go to the URL that you have booked marked for logging into your account.
I do all my bill paying on-line and get email reminders when bills are due. I never use the link in the email however to get to the account log in page.