John wins the anti-phishing gold star for the year! I validated it by looking at the Announcements area in Workfront (if you are an admin, click on the numbers next to the profile icon at the top right once you are logged in and click on the View All Announcements). Now, all that does is prove that it was sent from Workfront's system (which in theory could have been compromised itself) but if they got that far they have the keys to the kingdom anyway. I also ignored the request long enough that I assumed any breach would have been discovered and communicated. I don't know if they have it posted anywhere in their Support Portal as well but that would be good to know. As a side note, John should be commended for his level of diligence and it should teach a valuable lesson to everyone NOT to trust an e-mail, even from something that looks right, implicitly without performing some due diligence. I always verify that messages like this show up in the Announcements area as well to guard against phishing, as should every Admin here. Great job John! Jason Maust McGuireWoods LLP