Discussion:
"Someone just used your password..."
(too old to reply)
Alek
2016-12-04 22:28:09 UTC
Permalink
A couple of my Google accounts have gotten the following message:


Hi [username],

Someone just used your password to try to sign in to your Google Account
[username]@gmail.com, using an application such as an email client or
mobile device.

Details:
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*

Google stopped this sign-in attempt, but you should review your recently
used devices:

What does this really mean?

How could that person/entity get my passwords? IOW is there some basic
security practice I'm missing? Don't they need to be able to access to
one or more of my computers/smartphones to get passwords?

Thanks.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Richard Kettlewell
2016-12-04 23:01:18 UTC
Permalink
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
How sure are you the mail really came from Google (i.e. is not a phish)?
Post by Alek
What does this really mean?
How could that person/entity get my passwords? IOW is there some basic
security practice I'm missing? Don't they need to be able to access to
one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you’ve been phished or that your password is easy to guess.
--
http://www.greenend.org.uk/rjk/
Alek
2016-12-04 23:54:03 UTC
Permalink
Post by Richard Kettlewell
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
How sure are you the mail really came from Google (i.e. is not a phish)?
100%
Post by Richard Kettlewell
Post by Alek
What does this really mean?
How could that person/entity get my passwords? IOW is there some basic
security practice I'm missing? Don't they need to be able to access to
one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you’ve been phished or that your password is easy to guess.
Nope. I'm super careful about falling for phishing, and even if I fell
for one, I surely wouldn't fall for 3 or 4.

None of my passwords is easy to guess. No, I do not use "password" or
"123456". :-)


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
William Unruh
2016-12-05 00:29:03 UTC
Permalink
Post by Alek
Post by Richard Kettlewell
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
How sure are you the mail really came from Google (i.e. is not a phish)?
100%
Huh. That in itself indicate that you have no idea whatsoever about
physhing and about dangers on the web.

How in the world did you come up with that idiotic figure.
Post by Alek
Post by Richard Kettlewell
Post by Alek
What does this really mean?
How could that person/entity get my passwords? IOW is there some basic
security practice I'm missing? Don't they need to be able to access to
one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you???ve been phished or that your password is easy to guess.
Nope. I'm super careful about falling for phishing, and even if I fell
for one, I surely wouldn't fall for 3 or 4.
None of my passwords is easy to guess. No, I do not use "password" or
"123456". :-)
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Richard Kettlewell
2016-12-05 09:15:12 UTC
Permalink
Post by Richard Kettlewell
Post by Alek
How could that person/entity get my passwords? IOW is there some
basic security practice I'm missing? Don't they need to be able to
access to one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you’ve been phished or that your password is easy to guess.
Nope. I'm super careful about falling for phishing, and even if I
fell for one, I surely wouldn't fall for 3 or 4.
How have you measured how careful you are?
None of my passwords is easy to guess. No, I do not use "password" or
"123456". :-)
What were the passwords?

There were three suggestions above, you’ve only addressed two of them.
--
http://www.greenend.org.uk/rjk/
Alek
2016-12-05 09:20:50 UTC
Permalink
Post by Richard Kettlewell
Post by Richard Kettlewell
Post by Alek
How could that person/entity get my passwords? IOW is there some
basic security practice I'm missing? Don't they need to be able to
access to one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you’ve been phished or that your password is easy to guess.
Nope. I'm super careful about falling for phishing, and even if I
fell for one, I surely wouldn't fall for 3 or 4.
How have you measured how careful you are?
How do you do that?
Post by Richard Kettlewell
None of my passwords is easy to guess. No, I do not use "password" or
"123456". :-)
What were the passwords?
OK, sure. :-)
Post by Richard Kettlewell
There were three suggestions above, you’ve only addressed two of them.
I didn't address "perhaps they can access one of of them" because I
can't imagine how they would do that.
Richard Kettlewell
2016-12-05 11:26:40 UTC
Permalink
Post by Alek
Post by Richard Kettlewell
Post by Richard Kettlewell
Post by Alek
How could that person/entity get my passwords? IOW is there some
basic security practice I'm missing? Don't they need to be able to
access to one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you’ve been phished or that your password is easy to guess.
Nope. I'm super careful about falling for phishing, and even if I
fell for one, I surely wouldn't fall for 3 or 4.
How have you measured how careful you are?
How do you do that?
The usual approach is that someone on your side tries to phish you and
tells you whether it worked.

You may be basing your claim about being careful on the large volume of
phishing emails that make a bad job of looking like Apple, Amazon your
bank, etc. But they’re not all that amateurish.
Post by Alek
Post by Richard Kettlewell
None of my passwords is easy to guess. No, I do not use "password" or
"123456". :-)
What were the passwords?
OK, sure. :-)
You’ve been informed by Google that an adversary has your passwords, and
you’re 100% confident that the email actually came from Google. So I’d
assumed you’d already changed them.
Post by Alek
Post by Richard Kettlewell
There were three suggestions above, you’ve only addressed two of them.
I didn't address "perhaps they can access one of of them" because I
can't imagine how they would do that.
Exploit some software vulnerability in one of your systems, or
physically compromise one of your systems.
--
http://www.greenend.org.uk/rjk/
Alek
2016-12-05 12:20:33 UTC
Permalink
Post by Richard Kettlewell
Post by Alek
Post by Richard Kettlewell
Post by Richard Kettlewell
Post by Alek
How could that person/entity get my passwords? IOW is there some
basic security practice I'm missing? Don't they need to be able to
access to one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you’ve been phished or that your password is easy to guess.
Nope. I'm super careful about falling for phishing, and even if I
fell for one, I surely wouldn't fall for 3 or 4.
How have you measured how careful you are?
How do you do that?
The usual approach is that someone on your side tries to phish you and
tells you whether it worked.
You may be basing your claim about being careful on the large volume of
phishing emails that make a bad job of looking like Apple, Amazon your
bank, etc. But they’re not all that amateurish.
Neither am I.
Post by Richard Kettlewell
You’ve been informed by Google that an adversary has your passwords, and
you’re 100% confident that the email actually came from Google. So I’d
assumed you’d already changed them.
Yup.
Post by Richard Kettlewell
Post by Alek
Post by Richard Kettlewell
There were three suggestions above, you’ve only addressed two of them.
I didn't address "perhaps they can access one of of them" because I
can't imagine how they would do that.
Exploit some software vulnerability in one of your systems, or
physically compromise one of your systems.
No possibility of the latter. Former is much too vague to be of any
real help. But thanks anyway.
William Unruh
2016-12-05 12:47:46 UTC
Permalink
Post by Alek
Post by Richard Kettlewell
Post by Alek
Post by Richard Kettlewell
Post by Richard Kettlewell
Post by Alek
How could that person/entity get my passwords? IOW is there some
basic security practice I'm missing? Don't they need to be able to
access to one or more of my computers/smartphones to get passwords?
Perhaps they can access one of them. Other possibilities would be that
you???ve been phished or that your password is easy to guess.
Nope. I'm super careful about falling for phishing, and even if I
fell for one, I surely wouldn't fall for 3 or 4.
How have you measured how careful you are?
How do you do that?
The usual approach is that someone on your side tries to phish you and
tells you whether it worked.
You may be basing your claim about being careful on the large volume of
phishing emails that make a bad job of looking like Apple, Amazon your
bank, etc. But they???re not all that amateurish.
Neither am I.
So why don't you post the full email from "google" here, with all
headers, full html, etc. You can go through and anonymize your name or your own ip,
but make only minimal changes. See if we agree this is not physhing. I
listed a number of clues that told me it was phishing. You listed one
that told you it was not.

Note that another possibility is that they have poisoned your dns to
direct all google dns queries to their site.

If they have your password then they are you. There is no way google
could tell that their login is not you. And there should be no way they
can tell that "your" password" was used since the password should not be
stored in the clear. The notice as you reported it makes no sense. That
is one reason I believe with fairly high confidence that that is
physhing. (of course another possibility is that google is completely
incompetent at security).
So seeing the details (full headers, and full text including every bit
of the html) would be usefull.
Post by Alek
Post by Richard Kettlewell
You???ve been informed by Google that an adversary has your passwords, and
you???re 100% confident that the email actually came from Google. So I???d
assumed you???d already changed them.
Yup.
Post by Richard Kettlewell
Post by Alek
Post by Richard Kettlewell
There were three suggestions above, you???ve only addressed two of them.
I didn't address "perhaps they can access one of of them" because I
can't imagine how they would do that.
Exploit some software vulnerability in one of your systems, or
physically compromise one of your systems.
No possibility of the latter. Former is much too vague to be of any
real help. But thanks anyway.
Casper H.S. Dik
2016-12-05 12:57:06 UTC
Permalink
Post by William Unruh
If they have your password then they are you. There is no way google
could tell that their login is not you. And there should be no way they
can tell that "your" password" was used since the password should not be
stored in the clear. The notice as you reported it makes no sense. That
is one reason I believe with fairly high confidence that that is
physhing. (of course another possibility is that google is completely
incompetent at security).
So seeing the details (full headers, and full text including every bit
of the html) would be usefull.
Of course they can know whether your password was used; they need to
be able to verify it but that doesn't mean it is stored in plain text.

Whenever I use my google account from a new device I will always get an
message that a new device has accessed my account.

In this particular case it seems that they have refused the access
EVEN THOUGH THE PROPER PASSWORD WAS USED. That could be because
the particular login triggered some anti-abuse accounts (new device
on a location/IP network far-removed from where you usually login to.

WHen you get such an email, the best way to handle is is *NOT*
clicking on the link; instead take a *different* device and
re-type the URL once you've verified it's a proper URL.

Casper
Alek
2016-12-05 18:59:23 UTC
Permalink
Post by Casper H.S. Dik
Post by William Unruh
If they have your password then they are you. There is no way google
could tell that their login is not you. And there should be no way they
can tell that "your" password" was used since the password should not be
stored in the clear. The notice as you reported it makes no sense. That
is one reason I believe with fairly high confidence that that is
physhing. (of course another possibility is that google is completely
incompetent at security).
So seeing the details (full headers, and full text including every bit
of the html) would be usefull.
Of course they can know whether your password was used; they need to
be able to verify it but that doesn't mean it is stored in plain text.
Whenever I use my google account from a new device I will always get an
message that a new device has accessed my account.
In this particular case it seems that they have refused the access
EVEN THOUGH THE PROPER PASSWORD WAS USED. That could be because
the particular login triggered some anti-abuse accounts (new device
on a location/IP network far-removed from where you usually login to.)
True.
Post by Casper H.S. Dik
WHen you get such an email, the best way to handle is is *NOT*
clicking on the link; instead take a *different* device and
re-type the URL once you've verified it's a proper URL.
Always do that. But I'm pretty sure that the Thunderbird status bar
shows the true URL.
Alek
2016-12-05 19:07:30 UTC
Permalink
Post by William Unruh
So why don't you post the full email from "google" here, with all
headers, full html, etc. You can go through and anonymize your name or your own ip,
but make only minimal changes. See if we agree this is not physhing. I
listed a number of clues that told me it was phishing. You listed one
that told you it was not.
Here you go!

Delivered-To: ***@gmail.com
Received: by 10.194.87.227 with SMTP id bb3csp613249wjb;
Wed, 30 Nov 2016 18:37:38 -0800 (PST)
X-Received: by 10.107.173.9 with SMTP id w9mr12172816ioe.186.1480559858708;
Wed, 30 Nov 2016 18:37:38 -0800 (PST)
Return-Path:
<38ow_WAgTB9EAB-***@gaia.bounces.google.com>
Received: from mail-io0-x245.google.com (mail-io0-x245.google.com.
[2607:f8b0:4001:c06::245])
by mx.google.com with ESMTPS id
r193si6938950ita.61.2016.11.30.18.37.38
for <***@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 30 Nov 2016 18:37:38 -0800 (PST)
Received-SPF: pass (google.com: domain of
38ow_wagtb9eab-***@gaia.bounces.google.com
designates 2607:f8b0:4001:c06::245 as permitted sender)
client-ip=2607:f8b0:4001:c06::245;
Authentication-Results: mx.google.com;
dkim=pass header.i=@accounts.google.com;
spf=pass (google.com: domain of
38ow_wagtb9eab-***@gaia.bounces.google.com
designates 2607:f8b0:4001:c06::245 as permitted sender)
smtp.mailfrom=38ow_WAgTB9EAB-***@gaia.bounces.google.com;
dmarc=pass (p=REJECT dis=NONE) header.from=accounts.google.com
Received: by mail-io0-x245.google.com with SMTP id r101so41185350ioi.3
for <***@gmail.com>; Wed, 30 Nov 2016 18:37:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=accounts.google.com; s=20120806;
h=mime-version:date:feedback-id:message-id:subject:from:to;
bh=ATRu4Kp5kLk5/oN2Uhcpg6aE2fiC1lny8Qltj/CcVNI=;
b=Y5/7jCXUVE/xtR0UiG8nTcOKu6FbUr8TeJblrracDIh7XyxoZvh2ATqjEwGqGqRayB

K1nGWU4dTYbtRds7ANZZnDpvZnop1KPtiIRhM0mI9xchRALiqwZH3G2Dov75fxelE8Zv

LrLBKq8gZf8w4XM2JDJNt/eneHz+N7uE12XRDdqt2Eher4bMLmMlOxfiz/64za0RN15m

U/GwSHpis7ot9qXkgBeDP9TAcVqA5twP7FcbRYwxMk9KbqnIirkWSkyVXAan34Kc5I6e

iYDXCW5QxCK/G5n6fWB4OUajp0ULJjHUJcPdkTZrU2M9KGCHCM7etaAajrGI7ZX1IT2l
Ri3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;

h=x-gm-message-state:mime-version:date:feedback-id:message-id:subject
:from:to;
bh=ATRu4Kp5kLk5/oN2Uhcpg6aE2fiC1lny8Qltj/CcVNI=;
b=JdRKQXxqJPMH2kbI1yr5AOo1m8wbu9EdiVMDyBcSC9mlKeu/1Borb66SKj5/k7XWzZ

L6O9NjJ/sYkioNZqNZbfziXvqvnKDg/M5vSkgXmkopVgwru3bc60DJjFM3t51YYHxovz

Lne4PPpL3wmvFNxA73pfislQPhstVgmXHlpGwj7jwAIINxgOOHCQKKYcwkw9AoIELzLJ

B4CoCJiMFrjdbzrOW80Q6IDRKzHyhkumDzM4LZm5TczPk5S3TKaH8bVCn0AfmxfYa/Kq

dMX1eJytEI2k7JCVMj+FUtq1fWMB8/DTEEw39AqXpVzbk556/YT4dse7cRybMTAakVon
U/0w==
X-Gm-Message-State:
AKaTC01OpddhVYhMZOfrWCnpKsDLuETUxuh51Y9Pt0NN/4Ubli0EwYiaA25DyhEP39jCqeWKX4Ro8u3PvqYO51dL
MIME-Version: 1.0
X-Received: by 10.157.12.97 with SMTP id
88mr8682637otr.68.1480559858435; Wed,
30 Nov 2016 18:37:38 -0800 (PST)
Date: Thu, 1 Dec 2016 02:32:07 +0000 (GMT)
X-Notifications: XEAAAAB1NKtLh5ZmJGvu2LwVzagc
X-Account-Notification-Type: 6-anexp#ire-f1
Feedback-ID: 6-anexp#ire-f1:account-notifier
Message-ID: <***@notifications.google.com>
Subject: Someone has your password
From: Google <no-***@accounts.google.com>
To: ***@gmail.com
Content-Type: multipart/alternative; boundary=94eb2c1107786e466405428fb43c

--94eb2c1107786e466405428fb43c
Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes
Content-Transfer-Encoding: base64

U29tZW9uZSBoYXMgeW91ciBwYXNzd29yZA0KDQoNCg0KSGkgUGlrb3YsDQpTb21lb25lIGp1c3Qg
dXNlZCB5b3VyIHBhc3N3b3JkIHRvIHRyeSB0byBzaWduIGluIHRvIHlvdXIgR29vZ2xlIEFjY291
bnQNCnBpa292MjJAZ21haWwuY29tLCB1c2luZyBhbiBhcHBsaWNhdGlvbiBzdWNoIGFzIGFuIGVt
YWlsIGNsaWVudCBvciBtb2JpbGUNCmRldmljZS4NCg0KRGV0YWlsczoNCldlZG5lc2RheSwgTm92
ZW1iZXIgMzAsIDIwMTYgODozMiBQTSAoQ2VudHJhbCBTdGFuZGFyZCBUaW1lKQ0KSWxsaW5vaXMs
IFVTQSpHb29nbGUgc3RvcHBlZCB0aGlzIHNpZ24taW4gYXR0ZW1wdCwgYnV0IHlvdSBzaG91bGQg
cmV2aWV3DQp5b3VyIHJlY2VudGx5IHVzZWQgZGV2aWNlczoNCg0KUkVWSUVXIFlPVVIgREVWSUNF
UyBOT1cNCjxodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vQWNjb3VudENob29zZXI/RW1haWw9
cGlrb3YyMkBnbWFpbC5jb20mY29udGludWU9aHR0cHM6Ly9zZWN1cml0eS5nb29nbGUuY29tL3Nl
dHRpbmdzL3NlY3VyaXR5L2FjdGl2aXR5P3JmbiUzRDYlMjZyZm5jJTNEMSUyNmV0JTNEMCUyNmFz
YWUlM0QyJTI2YW5leHAlM0RpcmUtZjE+DQoNCkJlc3QsDQpUaGUgR29vZ2xlIEFjY291bnRzIHRl
YW0NCg0KDQoNCipUaGUgbG9jYXRpb24gaXMgYXBwcm94aW1hdGUgYW5kIGRldGVybWluZWQgYnkg
dGhlIElQIGFkZHJlc3MgaXQgd2FzIGNvbWluZw0KZnJvbS4NCg0KVGhpcyBlbWFpbCBjYW4ndCBy
ZWNlaXZlIHJlcGxpZXMuIEZvciBtb3JlIGluZm9ybWF0aW9uLCB2aXNpdCB0aGUgR29vZ2xlDQpB
Y2NvdW50cyBIZWxwIENlbnRlciA8aHR0cHM6Ly9zdXBwb3J0Lmdvb2dsZS5jb20vYWNjb3VudHM+
Lg0KDQoNCg0KWW91IHJlY2VpdmVkIHRoaXMgbWFuZGF0b3J5IGVtYWlsIHNlcnZpY2UgYW5ub3Vu
Y2VtZW50IHRvIHVwZGF0ZSB5b3UgYWJvdXQNCmltcG9ydGFudCBjaGFuZ2VzIHRvIHlvdXIgR29v
Z2xlIHByb2R1Y3Qgb3IgYWNjb3VudC4NCsKpIDIwMTYgR29vZ2xlIEluYy4sIDE2MDAgQW1waGl0
aGVhdHJlIFBhcmt3YXksIE1vdW50YWluIFZpZXcsIENBIDk0MDQzLCBVU0ENCg==
--94eb2c1107786e466405428fb43c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html lang=3D"en"><head><meta name=3D"format-detection" content=3D"date=3Dn=
o"><meta name=3D"format-detection" content=3D"email=3Dno"></head><body styl=
e=3D"margin: 0; padding: 0;" bgcolor=3D"#FFFFFF"><table width=3D"100%" heig=
ht=3D"100%" style=3D"min-width: 348px;" border=3D"0" cellspacing=3D"0" cell=
padding=3D"0"><tr height=3D"32px"></tr><tr align=3D"center"><td width=3D"32=
px"></td><td><table border=3D"0" cellspacing=3D"0" cellpadding=3D"0" style=
=3D"max-width: 600px;"><tr><td><table width=3D"100%" border=3D"0" cellspaci=
ng=3D"0" cellpadding=3D"0"><tr><td align=3D"left"><img width=3D"92" height=
=3D"32" src=3D"https://www.gstatic.com/accountalerts/email/googlelogo_color=
_188x64dp.png" style=3D"display: block; width: 92px; height: 32px;"></td><t=
d align=3D"right"><img width=3D"32" height=3D"32" style=3D"display: block; =
width: 32px; height: 32px;" src=3D"https://www.gstatic.com/accountalerts/em=
ail/shield.png"></td></tr></table></td></tr><tr height=3D"16"></tr><tr><td>=
<table bgcolor=3D"#D94235" width=3D"100%" border=3D"0" cellspacing=3D"0" ce=
llpadding=3D"0" style=3D"min-width: 332px; max-width: 600px; border: 1px so=
lid #E0E0E0; border-bottom: 0; border-top-left-radius: 3px; border-top-righ=
t-radius: 3px;"><tr><td height=3D"72px" colspan=3D"3"></td></tr><tr><td wid=
th=3D"32px"></td><td style=3D"font-family: Roboto-Regular,Helvetica,Arial,s=
ans-serif; font-size: 24px; color: #FFFFFF; line-height: 1.25;">Someone has=
your password</td><td width=3D"32px"></td></tr><tr><td height=3D"18px" col=
span=3D"3"></td></tr></table></td></tr><tr><td><table bgcolor=3D"#FAFAFA" w=
idth=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" style=3D"min=
-width: 332px; max-width: 600px; border: 1px solid #F0F0F0; border-bottom: =
1px solid #C0C0C0; border-top: 0; border-bottom-left-radius: 3px; border-bo=
ttom-right-radius: 3px;"><tr height=3D"16px"><td width=3D"32px" rowspan=3D"=
3"></td><td></td><td width=3D"32px" rowspan=3D"3"></td></tr><tr><td><table =
style=3D"min-width: 300px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0=
"><tr><td style=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; =
font-size: 13px; color: #202020; line-height: 1.5;">Hi Pikov,</td></tr><tr>=
<td style=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; font-s=
ize: 13px; color: #202020; line-height: 1.5;">Someone just used your passwo=
rd to try to sign in to your Google Account <a>***@gmail.com</a>, using=
an application such as an email client or mobile device.<table border=3D"0=
" cellspacing=3D"0" cellpadding=3D"0" style=3D"margin-top: 16px; margin-bot=
tom: 16px;"><tr valign=3D"middle"><td width=3D"16px" ></td><td style=3D"lin=
e-height: 1.2;"><span style=3D"font-family: Roboto-Regular,Helvetica,Arial,=
sans-serif; font-size: 16px; color: #202020;">Details:</span><br><span styl=
e=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; font-size: 13p=
x; color: #727272;">Wednesday, November 30, 2016 8:32 PM (Central Standard =
Time)<br>Illinois, USA*</span></td></tr></table>Google stopped this sign-in=
attempt, but you should review your recently used devices:<br><br><a href=
=3D"https://accounts.google.com/AccountChooser?Email=***@gmail.com&am=
p;continue=3Dhttps://security.google.com/settings/security/activity?rfn%3D6=
%26rfnc%3D1%26et%3D0%26asae%3D2%26anexp%3Dire-f1" target=3D"_blank" style=
=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; display:inline-=
block; text-align: center; text-decoration: none; height: 36px; line-height=
: 36px; padding-left: 8px; padding-right: 8px; min-width: 88px; font-size: =
14px; font-weight: 400; color: #ffffff; background-color: #4184F3; border-r=
adius: 2px; border-width: 0px; box-shadow: 0 2px 5px 0 rgba(0,0,0,0.4);">RE=
VIEW YOUR DEVICES NOW</a></td></tr><tr height=3D"32px"></tr><tr><td style=
=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; font-size: 13px=
; color: #202020; line-height: 1.5;">Best,<br>The Google Accounts team</td>=
</tr><tr height=3D"16px"></tr><tr><td><table style=3D"font-family: Roboto-R=
egular,Helvetica,Arial,sans-serif; font-size: 12px; color: #B9B9B9; line-he=
ight: 1.5;"><tr><td>*The location is approximate and determined by the IP a=
ddress it was coming from.<br></td></tr><tr><td>This email can't receive re=
plies. For more information, visit the <a href=3D"https://support.google.co=
m/accounts" data-meta-key=3D"help" style=3D"text-decoration: none; color: #=
4285F4;" target=3D"_blank">Google Accounts Help Center</a>.</td></tr></tabl=
e></td></tr></table></td></tr><tr height=3D"32px"></tr></table></td></tr><t=
r height=3D"16"></tr><tr><td style=3D"max-width: 600px; font-family: Roboto=
-Regular,Helvetica,Arial,sans-serif; font-size: 10px; color: #BCBCBC; line-=
height: 1.5;"><tr><td><table style=3D"font-family: Roboto-Regular,Helvetica=
,Arial,sans-serif; font-size: 10px; color: #666666; line-height: 18px; padd=
ing-bottom: 10px"><tr><td>You received this mandatory email service announc=
ement to update you about important changes to your Google product or accou=
nt.</td></tr><tr><td><div style=3D"direction: ltr; text-align: left">&copy;=
2016 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA<=
/div></td></tr></table></td></tr></td></tr></table></td><td width=3D"32px">=
</td></tr><tr height=3D"32px"></tr></table></body></html>
--94eb2c1107786e466405428fb43c--

The base 64 stuff decodes to

Someone has your password

Hi XYZZY,
Someone just used your password to try to sign in to your Google Account
***@gmail.com, using an application such as an email client or mobile
device.

Details:
Wednesday, November 30, 2016 8:32 PM (Central Standard Time)
Illinois, USA*Google stopped this sign-in attempt, but you should review
your recently used devices:

REVIEW YOUR DEVICES NOW
<https://accounts.google.com/AccountChooser?Email=***@gmail.com&continue=https://security.google.com/settings/security/activity?rfn%3D6%26rfnc%3D1%26et%3D0%26asae%3D2%26anexp%3Dire-f1>

Best,
The Google Accounts team



*The location is approximate and determined by the IP address it was coming
from.

This email can't receive replies. For more information, visit the Google
Accounts Help Center <https://support.google.com/accounts>.



You received this mandatory email service announcement to update you about
important changes to your Google product or account.
© 2016 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
William Unruh
2016-12-06 01:54:46 UTC
Permalink
Post by Alek
Post by William Unruh
So why don't you post the full email from "google" here, with all
headers, full html, etc. You can go through and anonymize your name or your own ip,
but make only minimal changes. See if we agree this is not physhing. I
listed a number of clues that told me it was phishing. You listed one
that told you it was not.
Here you go!
I must admit that I cannot see anything obvious here either. I still
find the message very very strange.
Post by Alek
Received: by 10.194.87.227 with SMTP id bb3csp613249wjb;
Wed, 30 Nov 2016 18:37:38 -0800 (PST)
X-Received: by 10.107.173.9 with SMTP id w9mr12172816ioe.186.1480559858708;
Wed, 30 Nov 2016 18:37:38 -0800 (PST)
Received: from mail-io0-x245.google.com (mail-io0-x245.google.com.
[2607:f8b0:4001:c06::245])
by mx.google.com with ESMTPS id
r193si6938950ita.61.2016.11.30.18.37.38
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 30 Nov 2016 18:37:38 -0800 (PST)
Received-SPF: pass (google.com: domain of
designates 2607:f8b0:4001:c06::245 as permitted sender)
client-ip=2607:f8b0:4001:c06::245;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of
designates 2607:f8b0:4001:c06::245 as permitted sender)
dmarc=pass (p=REJECT dis=NONE) header.from=accounts.google.com
Received: by mail-io0-x245.google.com with SMTP id r101so41185350ioi.3
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=accounts.google.com; s=20120806;
h=mime-version:date:feedback-id:message-id:subject:from:to;
bh=ATRu4Kp5kLk5/oN2Uhcpg6aE2fiC1lny8Qltj/CcVNI=;
b=Y5/7jCXUVE/xtR0UiG8nTcOKu6FbUr8TeJblrracDIh7XyxoZvh2ATqjEwGqGqRayB
K1nGWU4dTYbtRds7ANZZnDpvZnop1KPtiIRhM0mI9xchRALiqwZH3G2Dov75fxelE8Zv
LrLBKq8gZf8w4XM2JDJNt/eneHz+N7uE12XRDdqt2Eher4bMLmMlOxfiz/64za0RN15m
U/GwSHpis7ot9qXkgBeDP9TAcVqA5twP7FcbRYwxMk9KbqnIirkWSkyVXAan34Kc5I6e
iYDXCW5QxCK/G5n6fWB4OUajp0ULJjHUJcPdkTZrU2M9KGCHCM7etaAajrGI7ZX1IT2l
Ri3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:date:feedback-id:message-id:subject
:from:to;
bh=ATRu4Kp5kLk5/oN2Uhcpg6aE2fiC1lny8Qltj/CcVNI=;
b=JdRKQXxqJPMH2kbI1yr5AOo1m8wbu9EdiVMDyBcSC9mlKeu/1Borb66SKj5/k7XWzZ
L6O9NjJ/sYkioNZqNZbfziXvqvnKDg/M5vSkgXmkopVgwru3bc60DJjFM3t51YYHxovz
Lne4PPpL3wmvFNxA73pfislQPhstVgmXHlpGwj7jwAIINxgOOHCQKKYcwkw9AoIELzLJ
B4CoCJiMFrjdbzrOW80Q6IDRKzHyhkumDzM4LZm5TczPk5S3TKaH8bVCn0AfmxfYa/Kq
dMX1eJytEI2k7JCVMj+FUtq1fWMB8/DTEEw39AqXpVzbk556/YT4dse7cRybMTAakVon
U/0w==
AKaTC01OpddhVYhMZOfrWCnpKsDLuETUxuh51Y9Pt0NN/4Ubli0EwYiaA25DyhEP39jCqeWKX4Ro8u3PvqYO51dL
MIME-Version: 1.0
X-Received: by 10.157.12.97 with SMTP id
88mr8682637otr.68.1480559858435; Wed,
30 Nov 2016 18:37:38 -0800 (PST)
Date: Thu, 1 Dec 2016 02:32:07 +0000 (GMT)
X-Notifications: XEAAAAB1NKtLh5ZmJGvu2LwVzagc
X-Account-Notification-Type: 6-anexp#ire-f1
Feedback-ID: 6-anexp#ire-f1:account-notifier
Subject: Someone has your password
Content-Type: multipart/alternative; boundary=94eb2c1107786e466405428fb43c
--94eb2c1107786e466405428fb43c
Content-Type: text/plain; charset=UTF-8; format=flowed; delsp=yes
Content-Transfer-Encoding: base64
U29tZW9uZSBoYXMgeW91ciBwYXNzd29yZA0KDQoNCg0KSGkgUGlrb3YsDQpTb21lb25lIGp1c3Qg
dXNlZCB5b3VyIHBhc3N3b3JkIHRvIHRyeSB0byBzaWduIGluIHRvIHlvdXIgR29vZ2xlIEFjY291
bnQNCnBpa292MjJAZ21haWwuY29tLCB1c2luZyBhbiBhcHBsaWNhdGlvbiBzdWNoIGFzIGFuIGVt
YWlsIGNsaWVudCBvciBtb2JpbGUNCmRldmljZS4NCg0KRGV0YWlsczoNCldlZG5lc2RheSwgTm92
ZW1iZXIgMzAsIDIwMTYgODozMiBQTSAoQ2VudHJhbCBTdGFuZGFyZCBUaW1lKQ0KSWxsaW5vaXMs
IFVTQSpHb29nbGUgc3RvcHBlZCB0aGlzIHNpZ24taW4gYXR0ZW1wdCwgYnV0IHlvdSBzaG91bGQg
cmV2aWV3DQp5b3VyIHJlY2VudGx5IHVzZWQgZGV2aWNlczoNCg0KUkVWSUVXIFlPVVIgREVWSUNF
UyBOT1cNCjxodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vQWNjb3VudENob29zZXI/RW1haWw9
cGlrb3YyMkBnbWFpbC5jb20mY29udGludWU9aHR0cHM6Ly9zZWN1cml0eS5nb29nbGUuY29tL3Nl
dHRpbmdzL3NlY3VyaXR5L2FjdGl2aXR5P3JmbiUzRDYlMjZyZm5jJTNEMSUyNmV0JTNEMCUyNmFz
YWUlM0QyJTI2YW5leHAlM0RpcmUtZjE+DQoNCkJlc3QsDQpUaGUgR29vZ2xlIEFjY291bnRzIHRl
YW0NCg0KDQoNCipUaGUgbG9jYXRpb24gaXMgYXBwcm94aW1hdGUgYW5kIGRldGVybWluZWQgYnkg
dGhlIElQIGFkZHJlc3MgaXQgd2FzIGNvbWluZw0KZnJvbS4NCg0KVGhpcyBlbWFpbCBjYW4ndCBy
ZWNlaXZlIHJlcGxpZXMuIEZvciBtb3JlIGluZm9ybWF0aW9uLCB2aXNpdCB0aGUgR29vZ2xlDQpB
Y2NvdW50cyBIZWxwIENlbnRlciA8aHR0cHM6Ly9zdXBwb3J0Lmdvb2dsZS5jb20vYWNjb3VudHM+
Lg0KDQoNCg0KWW91IHJlY2VpdmVkIHRoaXMgbWFuZGF0b3J5IGVtYWlsIHNlcnZpY2UgYW5ub3Vu
Y2VtZW50IHRvIHVwZGF0ZSB5b3UgYWJvdXQNCmltcG9ydGFudCBjaGFuZ2VzIHRvIHlvdXIgR29v
Z2xlIHByb2R1Y3Qgb3IgYWNjb3VudC4NCsKpIDIwMTYgR29vZ2xlIEluYy4sIDE2MDAgQW1waGl0
aGVhdHJlIFBhcmt3YXksIE1vdW50YWluIFZpZXcsIENBIDk0MDQzLCBVU0ENCg==
--94eb2c1107786e466405428fb43c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<html lang=3D"en"><head><meta name=3D"format-detection" content=3D"date=3Dn=
o"><meta name=3D"format-detection" content=3D"email=3Dno"></head><body styl=
e=3D"margin: 0; padding: 0;" bgcolor=3D"#FFFFFF"><table width=3D"100%" heig=
ht=3D"100%" style=3D"min-width: 348px;" border=3D"0" cellspacing=3D"0" cell=
padding=3D"0"><tr height=3D"32px"></tr><tr align=3D"center"><td width=3D"32=
px"></td><td><table border=3D"0" cellspacing=3D"0" cellpadding=3D"0" style=
=3D"max-width: 600px;"><tr><td><table width=3D"100%" border=3D"0" cellspaci=
ng=3D"0" cellpadding=3D"0"><tr><td align=3D"left"><img width=3D"92" height=
=3D"32" src=3D"https://www.gstatic.com/accountalerts/email/googlelogo_color=
_188x64dp.png" style=3D"display: block; width: 92px; height: 32px;"></td><t=
d align=3D"right"><img width=3D"32" height=3D"32" style=3D"display: block; =
width: 32px; height: 32px;" src=3D"https://www.gstatic.com/accountalerts/em=
ail/shield.png"></td></tr></table></td></tr><tr height=3D"16"></tr><tr><td>=
<table bgcolor=3D"#D94235" width=3D"100%" border=3D"0" cellspacing=3D"0" ce=
llpadding=3D"0" style=3D"min-width: 332px; max-width: 600px; border: 1px so=
lid #E0E0E0; border-bottom: 0; border-top-left-radius: 3px; border-top-righ=
t-radius: 3px;"><tr><td height=3D"72px" colspan=3D"3"></td></tr><tr><td wid=
th=3D"32px"></td><td style=3D"font-family: Roboto-Regular,Helvetica,Arial,s=
ans-serif; font-size: 24px; color: #FFFFFF; line-height: 1.25;">Someone has=
your password</td><td width=3D"32px"></td></tr><tr><td height=3D"18px" col=
span=3D"3"></td></tr></table></td></tr><tr><td><table bgcolor=3D"#FAFAFA" w=
idth=3D"100%" border=3D"0" cellspacing=3D"0" cellpadding=3D"0" style=3D"min=
-width: 332px; max-width: 600px; border: 1px solid #F0F0F0; border-bottom: =
1px solid #C0C0C0; border-top: 0; border-bottom-left-radius: 3px; border-bo=
ttom-right-radius: 3px;"><tr height=3D"16px"><td width=3D"32px" rowspan=3D"=
3"></td><td></td><td width=3D"32px" rowspan=3D"3"></td></tr><tr><td><table =
style=3D"min-width: 300px;" border=3D"0" cellspacing=3D"0" cellpadding=3D"0=
"><tr><td style=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; =
font-size: 13px; color: #202020; line-height: 1.5;">Hi Pikov,</td></tr><tr>=
<td style=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; font-s=
ize: 13px; color: #202020; line-height: 1.5;">Someone just used your passwo=
an application such as an email client or mobile device.<table border=3D"0=
" cellspacing=3D"0" cellpadding=3D"0" style=3D"margin-top: 16px; margin-bot=
tom: 16px;"><tr valign=3D"middle"><td width=3D"16px" ></td><td style=3D"lin=
e-height: 1.2;"><span style=3D"font-family: Roboto-Regular,Helvetica,Arial,=
sans-serif; font-size: 16px; color: #202020;">Details:</span><br><span styl=
e=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; font-size: 13p=
x; color: #727272;">Wednesday, November 30, 2016 8:32 PM (Central Standard =
Time)<br>Illinois, USA*</span></td></tr></table>Google stopped this sign-in=
attempt, but you should review your recently used devices:<br><br><a href=
p;continue=3Dhttps://security.google.com/settings/security/activity?rfn%3D6=
%26rfnc%3D1%26et%3D0%26asae%3D2%26anexp%3Dire-f1" target=3D"_blank" style=
=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; display:inline-=
block; text-align: center; text-decoration: none; height: 36px; line-height=
: 36px; padding-left: 8px; padding-right: 8px; min-width: 88px; font-size: =
14px; font-weight: 400; color: #ffffff; background-color: #4184F3; border-r=
adius: 2px; border-width: 0px; box-shadow: 0 2px 5px 0 rgba(0,0,0,0.4);">RE=
VIEW YOUR DEVICES NOW</a></td></tr><tr height=3D"32px"></tr><tr><td style=
=3D"font-family: Roboto-Regular,Helvetica,Arial,sans-serif; font-size: 13px=
; color: #202020; line-height: 1.5;">Best,<br>The Google Accounts team</td>=
</tr><tr height=3D"16px"></tr><tr><td><table style=3D"font-family: Roboto-R=
egular,Helvetica,Arial,sans-serif; font-size: 12px; color: #B9B9B9; line-he=
ight: 1.5;"><tr><td>*The location is approximate and determined by the IP a=
ddress it was coming from.<br></td></tr><tr><td>This email can't receive re=
plies. For more information, visit the <a href=3D"https://support.google.co=
m/accounts" data-meta-key=3D"help" style=3D"text-decoration: none; color: #=
4285F4;" target=3D"_blank">Google Accounts Help Center</a>.</td></tr></tabl=
e></td></tr></table></td></tr><tr height=3D"32px"></tr></table></td></tr><t=
r height=3D"16"></tr><tr><td style=3D"max-width: 600px; font-family: Roboto=
-Regular,Helvetica,Arial,sans-serif; font-size: 10px; color: #BCBCBC; line-=
height: 1.5;"><tr><td><table style=3D"font-family: Roboto-Regular,Helvetica=
,Arial,sans-serif; font-size: 10px; color: #666666; line-height: 18px; padd=
ing-bottom: 10px"><tr><td>You received this mandatory email service announc=
ement to update you about important changes to your Google product or accou=
nt.</td></tr><tr><td><div style=3D"direction: ltr; text-align: left">&copy;=
2016 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA<=
/div></td></tr></table></td></tr></td></tr></table></td><td width=3D"32px">=
</td></tr><tr height=3D"32px"></tr></table></body></html>
--94eb2c1107786e466405428fb43c--
The base 64 stuff decodes to
Someone has your password
Hi XYZZY,
Someone just used your password to try to sign in to your Google Account
device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time)
Illinois, USA*Google stopped this sign-in attempt, but you should review
REVIEW YOUR DEVICES NOW
Best,
The Google Accounts team
*The location is approximate and determined by the IP address it was coming
from.
This email can't receive replies. For more information, visit the Google
Accounts Help Center <https://support.google.com/accounts>.
You received this mandatory email service announcement to update you about
important changes to your Google product or account.
?? 2016 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Alek
2016-12-06 06:52:47 UTC
Permalink
Post by William Unruh
Post by Alek
Post by William Unruh
So why don't you post the full email from "google" here, with all
headers, full html, etc. You can go through and anonymize your name or your own ip,
but make only minimal changes. See if we agree this is not physhing. I
listed a number of clues that told me it was phishing. You listed one
that told you it was not.
Here you go!
I must admit that I cannot see anything obvious here either. I still
find the message very very strange.
To me, it's obviously legit!
William Unruh
2016-12-05 00:27:04 UTC
Permalink
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
What does this really mean?
It means that some hacker is trying to get you to push that button so
you can "review your recently used devices", and type in your password.
That way they will have your password.

If they really used your password they would have signed in (not tried)
and google would have no way of knowing that it was someone rather than
you who did it.
Post by Alek
How could that person/entity get my passwords? IOW is there some basic
security practice I'm missing? Don't they need to be able to access to
one or more of my computers/smartphones to get passwords?
Thanks.
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Alek
2016-12-05 00:45:20 UTC
Permalink
Post by William Unruh
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
What does this really mean?
It means that some hacker is trying to get you to push that button so
you can "review your recently used devices", and type in your password.
That way they will have your password.
The URL for "Review your devices now" begins

https://accounts.google.com

Doesn't look like a hacker site to me. :-)

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
William Unruh
2016-12-05 00:50:33 UTC
Permalink
Post by Alek
Post by William Unruh
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
What does this really mean?
It means that some hacker is trying to get you to push that button so
you can "review your recently used devices", and type in your password.
That way they will have your password.
The URL for "Review your devices now" begins
https://accounts.google.com
Doesn't look like a hacker site to me. :-)
Are you sure? That may be the public visible one, but it actually points
elsewhere.
Post by Alek
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Alek
2016-12-05 01:11:06 UTC
Permalink
Post by William Unruh
Post by Alek
Post by William Unruh
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
What does this really mean?
It means that some hacker is trying to get you to push that button so
you can "review your recently used devices", and type in your password.
That way they will have your password.
The URL for "Review your devices now" begins
https://accounts.google.com
Doesn't look like a hacker site to me. :-)
Are you sure? That may be the public visible one, but it actually points
elsewhere.
That's what shows up on the status bar.
Joe Beanfish
2016-12-05 14:38:47 UTC
Permalink
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
What does this really mean?
How could that person/entity get my passwords? IOW is there some basic
security practice I'm missing? Don't they need to be able to access to
one or more of my computers/smartphones to get passwords?
Perhaps your mobile device connected to google while you were at
a location you don't frequent.
Casper H.S. Dik
2016-12-05 15:09:43 UTC
Permalink
Post by Joe Beanfish
Perhaps your mobile device connected to google while you were at
a location you don't frequent.
I would suggest that google would recognize it as one of your known
devices.

(I've taking my devices all over the world and I've never had
such an error; that would be strange especially was the whole
point of Android devices is being mobile)

Casper
Alek
2016-12-05 19:09:13 UTC
Permalink
Post by Casper H.S. Dik
Post by Joe Beanfish
Perhaps your mobile device connected to google while you were at
a location you don't frequent.
I would suggest that google would recognize it as one of your known
devices.
(I've taking my devices all over the world and I've never had
such an error; that would be strange especially was the whole
point of Android devices is being mobile)
Casper
I on the other hand am practically a shut-in and haven't gone more than
30 minutes from home in at least a year.
Joe Beanfish
2016-12-06 14:29:07 UTC
Permalink
Post by Casper H.S. Dik
Post by Joe Beanfish
Perhaps your mobile device connected to google while you were at
a location you don't frequent.
I would suggest that google would recognize it as one of your known
devices.
You might think so. But I've gotten that msg on occasion and every
time I study the GPS and day/time it turns out to be when and where
I was. The complaint may be in part because I use a non-google email
client (K9) or because I used their WiFi (password protected fwiw).
Post by Casper H.S. Dik
(I've taking my devices all over the world and I've never had
such an error; that would be strange especially was the whole
point of Android devices is being mobile)
Casper
Alek
2016-12-06 19:04:45 UTC
Permalink
Post by Joe Beanfish
Post by Casper H.S. Dik
Post by Joe Beanfish
Perhaps your mobile device connected to google while you were at
a location you don't frequent.
I would suggest that google would recognize it as one of your known
devices.
You might think so. But I've gotten that msg on occasion and every
time I study the GPS and day/time it turns out to be when and where
I was. The complaint may be in part because I use a non-google email
client (K9) or because I used their WiFi (password protected fwiw).
The google email said Illinois and I'm in NJ.

I use K9 also,

Whose wifi is that?
w***@gmail.com
2017-03-14 20:56:46 UTC
Permalink
Post by Alek
Hi [username],
Someone just used your password to try to sign in to your Google Account
mobile device.
Wednesday, November 30, 2016 8:32 PM (Central Standard Time) Illinois, USA*
Google stopped this sign-in attempt, but you should review your recently
What does this really mean?
How could that person/entity get my passwords? IOW is there some basic
security practice I'm missing? Don't they need to be able to access to
one or more of my computers/smartphones to get passwords?
Thanks.
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Continue reading on narkive:
Loading...