Why are people using me as their Gmail recovery address?
December 14, 2017 5:53 AM Subscribe
Several times a week for the past few months, people have created Gmail accounts and chosen my Gmail as their recovery address. I then get security alert emails that someone is trying to log into their account, as well as password reset emails.
Is this some sort of attack vector for breaking into my account? I unlink the accounts when possible, but there doesn't seem to be a way to see all linked accounts for my Gmail.
Best answer: In 2015, this was happening to me, too. It stopped after 6-8 months or so.
posted by unknowncommand at 6:18 AM on December 14, 2017 [1 favorite]
posted by unknowncommand at 6:18 AM on December 14, 2017 [1 favorite]
I have a lot of e-mail addresses. I get these almost every day.
As Ampy says, most are honest mistakes. A lot of people don't realize that a recovery address is supposed to be one they already have. They seem to think it's like a second choice.
posted by rokusan at 7:11 AM on December 14, 2017
As Ampy says, most are honest mistakes. A lot of people don't realize that a recovery address is supposed to be one they already have. They seem to think it's like a second choice.
posted by rokusan at 7:11 AM on December 14, 2017
Response by poster: My email address is indeed a common word (both a noun and an adjective). I also have that account on twitter and instagram, and people are always trying reset the password. What's unusual is that I've had this email address for over a decade and this has only started happening in the last few months. A lot of the email addresses have strings of random numbers in them and the login attempts are coming from outside of english-speaking countries that might use my username commonly. I probably unlink 5 or 6 accounts a week right now.
posted by krunk at 7:31 AM on December 14, 2017
posted by krunk at 7:31 AM on December 14, 2017
A lot of the email addresses have strings of random numbers in them and the login attempts are coming from outside of english-speaking countries that might use my username commonly.
Oh, that sounds like throwaway spam accounts. There are a Frank Edward and an Edward Fulton who seem to be actual people who register stuff with my handle every couple months because they are just that dumb, but I get more notices from Google from actual spam. It could be click fraud, spam email, fake twitter accounts, or whatever, and you're just getting blowback. I always just click the "this is not my account" link when I see the email and forget about it. Often by the time I do that the account has already been terminated as fraud or a ToS violation.
posted by fedward at 8:33 AM on December 14, 2017 [1 favorite]
Oh, that sounds like throwaway spam accounts. There are a Frank Edward and an Edward Fulton who seem to be actual people who register stuff with my handle every couple months because they are just that dumb, but I get more notices from Google from actual spam. It could be click fraud, spam email, fake twitter accounts, or whatever, and you're just getting blowback. I always just click the "this is not my account" link when I see the email and forget about it. Often by the time I do that the account has already been terminated as fraud or a ToS violation.
posted by fedward at 8:33 AM on December 14, 2017 [1 favorite]
I've had a handful of people use my (rather obscure) gmail address. One person in the UK signed up for a PayPal account, which was fun, as I already had that email attached to my PayPal account. Long story. The second is someone in France who signed up for Netflix.
All of it has been someone fat-fingering an email address somewhere.
posted by SansPoint at 9:27 AM on December 14, 2017
All of it has been someone fat-fingering an email address somewhere.
posted by SansPoint at 9:27 AM on December 14, 2017
My email address is indeed a common word (both a noun and an adjective). I also have that account on twitter and instagram, and people are always trying reset the password.
These are two different issues, if I'm reading it right. The second sounds like people trying to take over your twitter and instagram accounts, while the first has other possibilities as others have mentioned.
posted by filthy light thief at 9:22 PM on December 14, 2017
These are two different issues, if I'm reading it right. The second sounds like people trying to take over your twitter and instagram accounts, while the first has other possibilities as others have mentioned.
posted by filthy light thief at 9:22 PM on December 14, 2017
No, filthy, the second is probably also innocent. They're people who think that the account name in question is theirs, since it's a commonly used word and probably similar, and so when they try and fail to log in a few times they next try to recover/reset.
Maybe after that doesn't work, they realize their account is actually WordOther rather than OtherWord, or maybe not.
I have found that 99/100 apparent ID hacking attempts are people making dumb mistakes with their own credentials, then doubling down on their attempt to force the mistake through.
posted by rokusan at 2:33 AM on December 15, 2017
Maybe after that doesn't work, they realize their account is actually WordOther rather than OtherWord, or maybe not.
I have found that 99/100 apparent ID hacking attempts are people making dumb mistakes with their own credentials, then doubling down on their attempt to force the mistake through.
posted by rokusan at 2:33 AM on December 15, 2017
This thread is closed to new comments.
posted by Ampersand692 at 6:18 AM on December 14, 2017 [2 favorites]