I am using a device which syncs to the manufacturer's cloud (major brand, you would know them). I reported a potential bug to their customer support. They asked for my login/password to verify. The email headers appear legit, and they were not pushy when I proposed to send screen captures instead. What can I do to make the world a better and more secure place?