How do I know if this hack warning from gmail is authentic?
October 12, 2013 12:18 AM

Tonight I got this email:

"Someone recently used your password to try to sign in to your Google Account myname@gmail.com. This person was using an application such as an email client or mobile device. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt:

Saturday, October 12, 2013 5:50:42 AM UTC
IP Address: #####
Location: Kusatsu, Shiga Prefecture, Japan

If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately."

It had a link to what looks like a real Google Help Center page which talks about two-step verification. Has anyone ever had an email like this? How do I tell if it's authentic? Has anyone ever used this two-step verification process as outlined on the alleged help center page? Thank you.
posted by holdenjordahl to Computers & Internet (11 answers total) 1 user marked this as a favorite
 
Best answer: A genuine email will be aware that there are many fake ones out there and thus would not provide a link to login.

If an email says "something happened. Click here to login" it's usually fake. Ignore the link and login manually on a separate tab or window to see if there genuinely is an alert.

In this case it looks accurate. I've got two step authentication on my account and it works well.
posted by almostwitty at 12:27 AM on October 12, 2013 [1 favorite]


Response by poster: thanks, almostwitty!
posted by holdenjordahl at 12:30 AM on October 12, 2013


Best answer: I've used two-step verification before; it sends a text to your phone with a code and you have to enter the code to log in. It locks you out of your account if you lose your phone, which is a huge pain in the ass, but if you keep it on you all the time and aren't likely to use it it's fine.

I don't know if that page is real or if the email is real, though. A real one should have a google.com URL (or google.whatevercountryyou'rein). Google's Malaysian server has been hacked recently-- it seems to be back under control, but if the URLs you're getting are to google.com.my, I wouldn't enter anything.

Basically what I'm saying is that it doesn't sound like anything fishy is going on except that someone attempted to hack your account from Japan and Google's security measure caught them; unless Google has been hacked (or their DNS has been hacked, I think), you should be fine as long as you're going to Google URLs. I'm not an expert though.
posted by NoraReed at 12:31 AM on October 12, 2013
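
Added example, not part of the thread: the "is it really a google.com URL" check from the answer above, done on the parsed hostname rather than by eye, so that lookalike hosts which merely contain "google.com" are rejected. The allow-list (only google.com, stricter than the country domains the answer also accepts), the function names and the sample message are assumptions made up for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: trust only google.com and its subdomains.
TRUSTED_DOMAINS = ("google.com",)

def link_host(url):
    """Hostname a browser would actually connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # strips "user@" userinfo and ":port"
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None
    try:
        # Non-ASCII lookalike letters become "xn--..." and stop matching.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    host = link_host(url)
    if host is None:
        return False
    # Match the whole host or a dot-separated suffix, never a bare substring.
    return any(host == d or host.endswith("." + d) for d in trusted)

def review_links(body):
    """Map every http(s) link found in a message body to True/False."""
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    return {u: is_trusted_link(u) for u in urls}

# Constructed sample message body; every URL here is made up for the example.
SAMPLE_BODY = """
Review the sign-in attempt: https://accounts.google.com/ServiceLogin
Reset here: https://accounts.google.com.security-check.example/reset
Or here: https://accounts.google.com@login.example/reset
Help: http://support.google.com/accounts
"""

if __name__ == "__main__":
    for url, ok in review_links(SAMPLE_BODY).items():
        print("trusted   " if ok else "suspicious", url)
```

A passing link only says where the link points; signing in from a manually opened tab, as the first answer suggests, avoids relying on the link at all.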


Best answer: I've been traveling in Europe and I received two of those messages. Both times they correctly identified where and when I tried to access my Google My Maps from my phone. Seems to me they are legit messages from Google. It's a bit annoying because you have to change your password and you can't choose a previous password. That means I have to update my settings for all my email clients and all my devices where I use Chrome. I'll probably do the two-step process next time it happens.
posted by humboldt32 at 1:28 AM on October 12, 2013 [1 favorite]


Best answer: thank you NoraReed!
posted by holdenjordahl at 1:37 AM on October 12, 2013


Best answer: hello humboldt32.
thanks. yeah, i figured out it was legit and just changed the password... annoying, yes.
posted by holdenjordahl at 1:37 AM on October 12, 2013


Best answer: There is a Google Authenticator app for mobile (iOS/Android). It provides the number sequence required to complete log-in without needing to receive a text. I have been using it for quite a while now. The only time you really need it is when signing in on an unknown device: you can tell Google to remember you on devices you own.
posted by caution live frogs at 6:10 AM on October 12, 2013


Best answer: Also, when you set up two step verification you can download a page of authentication numbers that you can print out and keep in your wallet in the event that you are unable to find your phone.
posted by ocherdraco at 6:29 AM on October 12, 2013 [3 favorites]


Response by poster: if anyone's still out there, i changed the password and now my gmail doesn't synch on my Galaxy S3. i've gone through all the forums and can find anything that works. might this be connected to the issue described above?
posted by holdenjordahl at 9:57 AM on October 12, 2013


It's possible you need to set up an application-specific password for your Galaxy. I've had to do this for a number of things. Here is the help file for it.
posted by jessamyn at 11:42 AM on October 12, 2013


Yep, you need the application specific password for your phone.

I use two-factor authentication on Google and swear by it.
posted by spitbull at 1:17 PM on October 12, 2013

