Register    Login    Search    FAQ     Articles & downloads     Donate

Board index » Technical Forums » Security




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post Posted: Wed Jan 13, 2016 11:44 pm 
Offline
Resident Geekazoid Administrator
User avatar

Joined: Wed Mar 21, 2012 5:09 am
Posts: 6319
Location: The state of confusion; I just use Wyoming for mail.
I got three emails supposedly from Gmail at the same time. All were in reference to changing things on my account. Sorry but this is going to be lengthy as I will include the emails. Here they are...

email title was 'Gmail Upgrade Confirmation'
Code:
Dear Google Account holder:

Thank you for adding Gmail to your Google Account.  Your Gmail address and 
primary username is

****************@gmail.com

You may continue to sign in with your old email address if you prefer:

*********@hotmail.com

Sincerely,
The Google Accounts Team

Note: This email address cannot accept replies. To fix an issue or learn 
more
about your account, visit our help center:
//support.google.com/accounts/

Note that this is supposed to be from Gmail yet it references my Hotmail account. There is no relationship between the two so this is the first indication of bogus.

Second email... This reports a sign in from Firefox.
Email title: 'New sign-in from Firefox on Windows'.
Code:
   
Hi,
Your Google Account ******@hotmail.com was just used to sign in from Firefox on Windows.  *******@hotmail.com
 
   Windows
Thursday, January 14, 2016 2:57 AM (GMT)
Firefox
Don't recognize this activity?
Review your recently used devices now.

Why are we sending this? We take security very seriously and we want to keep you in the loop on important actions in your account.
We were unable to determine whether you have used this browser or device with your account before. This can happen when you sign in for the first time on a new computer, phone or browser, when you use your browser's incognito or private browsing mode or clear your cookies, or when somebody else is accessing your account.

Best,
The Google Accounts team

This email can't receive replies. To give us feedback on this alert, click here.
For more information, visit the Google Accounts Help Center.
 
You received this mandatory email service announcement to update you about important changes to your Google product or account.
© 2016 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA 


The clincher! If I had in fact changed things within my Gmail account I would have gotten emails to confirm, I got none.

Here is the third email... It states that my password has been changed yet I got no email to confirm a password change and my current password still works. If my password had been actually changed I would get a failure notice in Live mail when checking for emails. I get no such failure.

Email title: 'Your password changed'.
Code:
 
 Your password changed 
 Hi,
The password for your Google Account *****@hotmail.com was recently changed.

Don't recognize this activity?
Click here for more information on how to recover your account.

Best,
The Google Accounts team

This email can't receive replies. For more information, visit the Google Accounts Help Center.
 
You received this mandatory email service announcement to update you about important changes to your Google product or account.
© 2016 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Again please notice that the actual email account referenced is Hotmail, not gmail This just HAS to be bogus. If my password had actually been changed I would get a failure on receive/send through the account via Live Mail which I do not

_________________
Image
Jaylach's Free Sites
I NEVER forget... I just remember late.

ImageImage


Top 
 Profile  
Reply with quote  
 Post Posted: Thu Jan 14, 2016 2:08 pm 
Offline
Fearless Leader
User avatar

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
The proof would be, of course, what address those links point to when you hover over them. I'd love to know what the domain was.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Top 
 Profile  
Reply with quote  
 Post Posted: Thu Jan 14, 2016 8:14 pm 
Offline
Resident Geekazoid Administrator
User avatar

Joined: Wed Mar 21, 2012 5:09 am
Posts: 6319
Location: The state of confusion; I just use Wyoming for mail.
I will see what I can do about the links...

I DO have a task bar enabled in Live Mail so hovering over a link shows the URL just like in IE. Still it makes no sense. I did go ahead and click a link within the logged on with FF email...
Attachment:
google1.jpg
google1.jpg [ 69.58 KiB | Viewed 4940 times ]

Sigh, it DOES show in the address bar as a google.com domain but still makes no sense. As you can see in the following shot resulting from clicking the link I do NOT have a Hotmail account associated with Gmail.
Attachment:
gmail2.jpg
gmail2.jpg [ 17.54 KiB | Viewed 4940 times ]


Of course I changed my password but this means that I will kill Gmail sooner than expected. I planned to drop them anyway but it will be a pain and have to wait until my next days off work as will have to let people know along with log ins associated with the Gmail account such as my hosting.

Their answer is that someone has an email address similar to mine and entered a secondary contact email with a typo that matched mine. While plausible this is not acceptable as this would indicate that they allow contact addresses to be entered without confirmation.

Sorry that I put this in the security section but that is exactly what I thought it was until doing further research.

_________________
Image
Jaylach's Free Sites
I NEVER forget... I just remember late.

ImageImage


Top 
 Profile  
Reply with quote  
 Post Posted: Thu Jan 14, 2016 9:14 pm 
Offline
Fearless Leader
User avatar

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
If you don't mind, what exactly was the URL the link poined to? (Remove any part that points to your account.)

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Top 
 Profile  
Reply with quote  
 Post Posted: Thu Jan 14, 2016 9:49 pm 
Offline
Site Admin
User avatar

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 1779
Location: New Jersey
Yes, Jay. Someone has entered your email as a secondary contact for their Google account. I've had this happen in the past. And, yes, adding the second notification email does not require verification, as it used only a notification address. Dumb.
-steve

_________________
stephen boots
Microsoft MVP since 2004
"Life's always an adventure with computers!"


Top 
 Profile  
Reply with quote  
 Post Posted: Thu Jan 14, 2016 10:21 pm 
Offline
Resident Geekazoid Administrator
User avatar

Joined: Wed Mar 21, 2012 5:09 am
Posts: 6319
Location: The state of confusion; I just use Wyoming for mail.
MacDuffie wrote:
If you don't mind, what exactly was the URL the link poined to? (Remove any part that points to your account.)


I can't as account keys are part of the URL. I don't know yet where this will go but here is the link withouth the personal additions for the specific case.
https://accounts.google.com/AccountChooser

WOW! The above abbreviated link still took me to the access page, probably due to a cookie. I am going to trust in that it IS a cookie thing and leave the post. If any admin/mod for this site clicks the link and gets a page with anything related to me, please immediately edit and remove the link from this post.

_________________
Image
Jaylach's Free Sites
I NEVER forget... I just remember late.

ImageImage


Top 
 Profile  
Reply with quote  
 Post Posted: Thu Jan 14, 2016 10:32 pm 
Offline
Resident Geekazoid Administrator
User avatar

Joined: Wed Mar 21, 2012 5:09 am
Posts: 6319
Location: The state of confusion; I just use Wyoming for mail.
sboots wrote:
Yes, Jay. Someone has entered your email as a secondary contact for their Google account. I've had this happen in the past. And, yes, adding the second notification email does not require verification, as it used only a notification address. Dumb.
-steve


Yes, this seems to be the case and is yet one more reason to drop anything Google. I mean really... being able to enter a secondary email without verification has to be on the edge of criminal neglect.

_________________
Image
Jaylach's Free Sites
I NEVER forget... I just remember late.

ImageImage


Top 
 Profile  
Reply with quote  
 Post Posted: Thu Jan 14, 2016 11:19 pm 
Offline
Fearless Leader
User avatar

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2823
I agree, Jay.

And, to ease your mind, that links takes me to a sign-in screen.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


Top 
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
 
Post new topic Reply to topic  [ 8 posts ] 

Board index » Technical Forums » Security


Who is online

Registered users: No registered users

 
 

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:

Similar topics


Jump to:  

cron