This appears to be a legitimate email from google regarding an attempt to use my password to log into google. Sent to an old AOL account i keep for trash. They used the first half of my AOL address with an @googlemail.com, which is close to a googlemail address i actually have and asks me to log in to verify the activity.
Im not sure how they intend to access my gmail accounts as this is a legitimate email from google and would direct me to the google accounts page so they would not have visibility of my passwords i use to try to log in.
Im not sure what this is.
Why would they use my AOL email address as a recovery account for a fake gmail account i dont have access to? How to they intend to get my log in details this way?
Any thoughts anyone?
Ps hope this is the roght place for this question.
Do NOT click the link. Instead, go to google.com yourself, go to your account settings, and “check activity”. If there’s anything suspicious (like an attempted login from another country), reset password and ensure 2FA is enabled. Otherwise, you can safely ignore/delete the email. (But still enable 2FA for better protection)
If you message me your Google password then I’ll check for you. That way you won’t be at risk for catching a virus. You can never be too careful these days.
Are you sure you didn’t add that AOL account to that G-Mail account? Because it seems legit.
I get them too
I think this is a legitimate email. What it’s saying is that your google password is compromised. Google blocked the login attempt for other reasons, but please change your password.
Who knows? You could analyze the email to see if the links are legit. The URL suggested appears to be; don’'t follow it by clicking it though.
If you have a short-ish email address, someone might have just set it as their recovery address by mistake. I also have a pretty old, short gmail address and people have registered it as their recovery address before, so I would get mails whenever they logged in on a new device etc. Don’t think those were phishing attempts, just people being technologically inept.
I have an old gmail account that’s just my first name initial and my last name.
Occasionally I get mails from shady people, like “coaches” spewing pseudoscientific fake psychology bullshit. Turns out there’s a guy that barely knows how to write and has a similar name to mine who regularly gives my address to people.
I tried telling them about the address (there was what I assume was a family contact in CC). I don’t think it registered at all. Makes me rather uneasy.
Ignore the email, go to Google via your browser, sign in, reset your password, and move on.
And enable 2fa if it’s not already on
When I receive things like this, I make sure to open Gmail from within Firefox with all extensions meant to defend me (like NoScript, unlock origin, privacy badger, https everywhere) and then I hover over the gigantic button “check my activity” and see if it leads to a accounts.google.com link.
Either way, I then copy the link address without clicking on it, and open it in a private window to see what happens. If it’s a scam, the page it opens has a legit looking, but wrong google address (aka, it cannot really end with google.com). Then I just stop having fun and don’t continue nor type anything
What does it look like in your case?
But google and googlе may not be the same.
Homograph attack uses other characters that look the same.Go here: https://mothereff.in/utf-8 and paste-in both previous instances of “gооgle”, and you’ll see they differ.
Fun fact: The one in quotes is also different from the two.Firefox knows the difference though, it won’t pull your passwords or login cookies. But yeah, it’s very easy to fall for phishing attempts, I just never click on anything sent in a mail to be safe.
