A stranger has locked me out of my Google account twice - what to do?
July 8, 2017 8:11 AM Subscribe
Someone keeps locking me out of my Google account. I'm unsure if their intent is malicious, as they've apparently inputted their real name and address into some of my settings (how, I'm not sure). Can I determine if this is some weird scam or an honest mistake? And what can/should I do about it?
Twice in the last few months, I've been locked out of my Gmail account. My address is in the style of Initial.Initial.Lastname. After getting back into the account, I see emails from Google addressed to a person with a completely different name - no common initials, even. I'm calling this person Patsy Cline. Most recently, Patsy apparently tried to send $1000 to Merle Haggard via Google Wallet. I've got Merle Haggard's email address - it's in the style of FirstName.LastName with no attempt at anonymity. Even stranger, Patsy used Loretta Lynn's checking account to make this payment. Loretta's checking account information is now stored in my Google Wallet and I've apparently got the ability to make payments to/from this account (which I obviously won't do, since I'm not a jerk).
I have Patsy Cline's full name and physical address. It's a US address and it's a street on or near a military base, based on the city. Patsy is the one who appears to mistakenly or maliciously be trying to use my Google account.
I have Merle Haggard's full name and email address - no other info.
I have Loretta Lynn's full name and checking account info, but no contact info and she's got a relatively common name based on a Google search.
What should I do? I've changed my passwords and confirmed my security settings, but this has happened twice in just a few months. I turned on 2 factor verification today. Google has none of my bank or credit card info, FWIW. Should I attempt to contact these people (as noted, I've got a mailing address and email address)? Should I delete all their information from Google wallet and hope it doesn't happen again? Something else?
Twice in the last few months, I've been locked out of my Gmail account. My address is in the style of Initial.Initial.Lastname. After getting back into the account, I see emails from Google addressed to a person with a completely different name - no common initials, even. I'm calling this person Patsy Cline. Most recently, Patsy apparently tried to send $1000 to Merle Haggard via Google Wallet. I've got Merle Haggard's email address - it's in the style of FirstName.LastName with no attempt at anonymity. Even stranger, Patsy used Loretta Lynn's checking account to make this payment. Loretta's checking account information is now stored in my Google Wallet and I've apparently got the ability to make payments to/from this account (which I obviously won't do, since I'm not a jerk).
I have Patsy Cline's full name and physical address. It's a US address and it's a street on or near a military base, based on the city. Patsy is the one who appears to mistakenly or maliciously be trying to use my Google account.
I have Merle Haggard's full name and email address - no other info.
I have Loretta Lynn's full name and checking account info, but no contact info and she's got a relatively common name based on a Google search.
What should I do? I've changed my passwords and confirmed my security settings, but this has happened twice in just a few months. I turned on 2 factor verification today. Google has none of my bank or credit card info, FWIW. Should I attempt to contact these people (as noted, I've got a mailing address and email address)? Should I delete all their information from Google wallet and hope it doesn't happen again? Something else?
Since "Patsy" is trying to send money, I doubt this is an innocent mistake.
posted by puddledork at 8:54 AM on July 8, 2017 [11 favorites]
posted by puddledork at 8:54 AM on July 8, 2017 [11 favorites]
I just want to agree with the folks that posted already. Definitely lock down your account, and remove all connected apps. Since there's money transfer activity, I too doubt that it's innocent. Likely they are trying to use your account in a laundering scheme.
I would also recommend you go ahead and report this as suspicious/criminal activity to Google. They have a how-to guide here: https://support.google.com/sites/answer/116262?hl=en
posted by Lafe at 9:00 AM on July 8, 2017 [4 favorites]
I would also recommend you go ahead and report this as suspicious/criminal activity to Google. They have a how-to guide here: https://support.google.com/sites/answer/116262?hl=en
posted by Lafe at 9:00 AM on July 8, 2017 [4 favorites]
Ack, I'm sorry, I used the wrong link in my previous answer, and I'm outside the edit window (mods, pls feel free to delete the wrong one!). That one goes to Google Sites, the one I meant to use is this one, from the Google Wallet help section: https://support.google.com/wallet/answer/6285511?hl=en&ref_topic=6285499 under the "Report Suspicious Activity" section.
posted by Lafe at 9:21 AM on July 8, 2017 [6 favorites]
posted by Lafe at 9:21 AM on July 8, 2017 [6 favorites]
I think phunniemee gave great advice. I would add another (unlikely?) possibility that is not covered above. The breach might not be in the email account itself. It might be someone has gotten access to either your PC, your phone or whatever device you use to access gmail. If it were me, and I have a rooted Android phone, I would do a factory reset on my phone and then flash a fresh copy of my OS (Lineage 14.1.2). I would also do a complete analysis of my PC to make sure no malware was installed or keyloggers or what not. (For guidance with this, see user Deezil's profile. He will direct you to his website and step by step instructions.)
While you do not appear to be the target other than using your account for cover, take this opportunity to protect yourself from all sides.
posted by AugustWest at 10:15 AM on July 8, 2017 [3 favorites]
While you do not appear to be the target other than using your account for cover, take this opportunity to protect yourself from all sides.
posted by AugustWest at 10:15 AM on July 8, 2017 [3 favorites]
If they were just using your email address for things, it could be a typo or error, but if they're actually signed in to your Google wallet? Definitely report suspicious activity.
posted by Lady Li at 10:24 AM on July 8, 2017 [1 favorite]
posted by Lady Li at 10:24 AM on July 8, 2017 [1 favorite]
It's not clear from your post whether you are using google wallet, yourself, but it's time to disconnect Wallet from your bank and/or credit/debit cards, temporarily, while you get all of this sorted out.
posted by Sunburnt at 10:28 AM on July 8, 2017 [1 favorite]
posted by Sunburnt at 10:28 AM on July 8, 2017 [1 favorite]
I have Loretta Lynn's full name and checking account info,
If you can identify Loretta's bank, it would be a kind thing to contact her bank's fraud department - and let them know that her account may be compromised, and give them a description of the situation.
posted by bunderful at 12:21 PM on July 8, 2017 [9 favorites]
If you can identify Loretta's bank, it would be a kind thing to contact her bank's fraud department - and let them know that her account may be compromised, and give them a description of the situation.
posted by bunderful at 12:21 PM on July 8, 2017 [9 favorites]
Also check to see if your mail is being forwarded: if someone has gained access to your account they will have set up message forwarding to send them a copy of any mail you receive. That would let them get back in if you change things, or send password-change requests to your bank and get in via an emailed reply.
posted by Joe in Australia at 3:03 AM on July 9, 2017 [1 favorite]
posted by Joe in Australia at 3:03 AM on July 9, 2017 [1 favorite]
Also, get one of these:
https://www.amazon.com/Yubico-Y-123-FIDO-U2F-Security/dp/B00NLKA0D8
...and associate it with your Google account immediately. After you have done so, print out your unlock codes - these allow you to recover your account should you lose the key. Fold them up and put them in your favorite book on your bookshelf.
Don't worry, you don't need to use the key on your primary computer, BUT: your adversary does. And the physical key is better than SMS-based 2FA.
posted by scolbath at 12:55 PM on July 9, 2017 [1 favorite]
https://www.amazon.com/Yubico-Y-123-FIDO-U2F-Security/dp/B00NLKA0D8
...and associate it with your Google account immediately. After you have done so, print out your unlock codes - these allow you to recover your account should you lose the key. Fold them up and put them in your favorite book on your bookshelf.
Don't worry, you don't need to use the key on your primary computer, BUT: your adversary does. And the physical key is better than SMS-based 2FA.
posted by scolbath at 12:55 PM on July 9, 2017 [1 favorite]
This thread is closed to new comments.
On desktop view (I don't know where this hides on mobile) click on your google account and go to the "my account" page. The first card on that page should be called "sign in and security" and under that heading is a link to review your connected apps and sites. Click that. On that page you can look through all of the apps and websites you (or anyone else) have given your google account permissions to. Go through those and just axe everything.
Then go back to the "my account" page. The middle card is "personal info and privacy" and under that is a link to your personal info. Go there and check that your email and phone number and any other contact info used for account recovery actually belongs to you. Delete anything you don't recognize.
Then, if you scroll to the bottom of your inbox on gmail, you'll see a little thing to the right that says "last account activity: x mins" and a link that says details. Go to the details view and sign out of all other web sessions.
Once you've removed your info from everywhere your account is signed into, change the password again. That should at least make sure that anyone who has your account open somewhere would have to sign in again, which they shouldn't be able to because it's a totally new password and all the recovery contacts are your own.
posted by phunniemee at 8:37 AM on July 8, 2017 [49 favorites]