PDA

View Full Version : how can someone get my gmail password?



macgig
01-04-2018, 07:43 PM
got a email this morning at 2am that someone got my gmail password and tried to log in (but failed) on a new gmail account I made 2 months ago but I have not used yet. I've not even shared this new email with anyone so how did they know it existed? so I'm trying to figure out how they got my password. it's over 12 characters long, very complicated to guess. this has me baffled and a little concerned. any thoughts on this before the forums get shut down? :)

Raz0rEdge
01-04-2018, 07:47 PM
If they failed to login, then they don't have your password. Trying to hack into accounts is what people do, so no worries. If you are paranoid about the attempt, go ahead and change it to another password.

macgig
01-04-2018, 08:05 PM
I did change the password. the message google sent me said someone has my password. but google prevented the login

chscag
01-04-2018, 08:59 PM
If someone had your password, how did Google know it wasn't you? Also, it's very unlikely someone would be able to guess at a complex password and why to an account that wasn't used? The whole episode sounds suspicious.

Perhaps your new account along with others was under a broad based attack by hackers to gain entry to valid working gmail accounts. That sort of thing happens quite often. Ask the folks at Yahoo. ;)

MacInWin
01-04-2018, 09:04 PM
And did you click on the "No, secure account" button and change the password through that? If so, the perps now have your new password. That's part of the scam.

chscag
01-04-2018, 09:34 PM
@macgig:

I just received two of the same messages that you did. Google says they're Spam and designed to obtain your passwords and personal data. Do not ever respond to those type of messages especially since Google is aware of the entrapment schemes.

If you would have gone to the web mail portian of your gmail account you would have seen that.

pigoo3
01-04-2018, 09:37 PM
got a email this morning at 2am that someone got my gmail password and tried to log in (but failed) on a new gmail account I made 2 months ago but I have not used yet.

Did you double check that this warning email came from Google/gmail?

Scammers sent out these sort of official looking email's all the time trying to dupe users into revealing their account info. Many times when you check the sender's email address...it can be something as silly as "boblikesdoughnuts@yahoo.com".;)

- Nick

macgig
01-05-2018, 05:26 AM
the email seems legit its from google. my gmail account showed the IP that tried to log in. but I'm unable to find any information on that IP which I thought was weird.

badshoehabit
01-05-2018, 07:35 AM
It's a scam.

IWT
01-05-2018, 07:40 AM
In my view, this has all the hallmarks of a scam.

As others have said before me, you have the option of forgetting the whole thing; or going on to the website via your browser and logging in that way and changing things (like PW).

In fact, I would do that now because, as I understand it, (Jake said it first), your new PW may already be known.

Another option, again formally via the web site, is to create a new Gmail account and delete the other if you can - after all you haven't used it and nobody knows about it apart from you + hacker??

Ian

pigoo3
01-05-2018, 09:14 AM
the email seems legit its from google. my gmail account showed the IP that tried to log in. but I'm unable to find any information on that IP which I thought was weird.

Again...make sure very very carefully that the sender of this email was from google. That's google.com...not google.org...not google.net...not google.tv...no different country codes...no funny single characters inserted to make it look almost like google.

- Nick

Raz0rEdge
01-05-2018, 09:23 AM
Look at the email in Inbox (Google web client) and click on the three vertical dots on the message, on the left of it should ONLY be the date the email was received. Once you click on those dots, click Show Original in the drop down menu which show you the "code" for that email. Now look through it and find all of the HTTP and HTTPS references which are the URLs those buttons would send you and see where they are going.

A quick search on Google Images does indicate that the look of that email is legit. The above analysis will also further prove it's legit based on the URLs.

chscag
01-05-2018, 02:40 PM
the email seems legit its from google. my gmail account showed the IP that tried to log in. but I'm unable to find any information on that IP which I thought was weird.

It is not "legit". As I stated to you above, Google says it's a scam. The IP address that placed that and other messages is a known scammer and spammer. It's OK to be overly cautious but you do need to know that there are hackers and scammers that would love to get hold of your personal info.

pm-r
01-05-2018, 03:58 PM
got a email this morning at 2am that someone got my gmail password and tried to log in (but failed) on a new gmail account I made 2 months ago but I have not used yet.

I've not even shared this new email with anyone so how did they know it existed? so I'm trying to figure out how they got my password.

In most such instances, they didn't know anything about you, your existence, your email accounts or any passwords, but probably adjust a mailbox making an attempt.

You'll only need to worry it you or your friends ever get a "real" email from you to them or yourself. But then that's actually another problem completely and I think has been mostly stamped out completely I think and was due to an old MS Outlook user having you and your emailaddress in their Outlook address book.

As Ashwin first said and others. you're safe and no-one has your password.

Their login attempt FAILED!!! Because they didn't and don't have your password. Simple.

Just Carry On…




- Patrick
======

Rod Sprague
01-05-2018, 05:48 PM
The rule I follow is to never click on a link that asks you to change your password. If you believe it may be true close the email and log into the email providers site and change the password from your preferences there.

macgig
01-05-2018, 06:18 PM
thanks for the help. its the most realistic fake alert I've seen in a long time. if it is fake then the scary part is I fell for it. let my guard down a little more than Id like to admit. :\

dtravis7
01-05-2018, 07:05 PM
I will throw this out there just in case. Macgig, do you ever use a VPN? I do on one system for some sites and forgot I had it enabled. I checked my google email and opened google chat. I got a message from Google very much like yours with a map showing where and the IP address and asking if it was me. It was the VPN as I was logged in to the VPN in England and it looked suspicious to Google as I have never been out of the USA! I was actually grateful they were looking out for me.

If you do not use a VPN then disregard the above, but maybe it might help someone else in the future.

Otherwise I agree with the others here that it was a fake alert. I do get them also, but the one I described above was very real and matched exactly where the VPN I was using was located.

macgig
01-05-2018, 07:11 PM
I have tunnel bear installed on my mac but I never use it.

macgig
01-05-2018, 07:12 PM
I did change the password just in case. not using the link in the email.

Rod Sprague
01-05-2018, 07:56 PM
Dennis you beat me to it. My Microsoft email will ask for confirmation of unrecognised activity if I have the VPN set to say Singapore or any country I have not visited before. It does provide a link to my account but I don't use it. I just login to my account on my browser and confirm it was me.

dtravis7
01-05-2018, 08:08 PM
I did change the password just in case. not using the link in the email.

You did the right thing. So far, I have been lucky with my gmail account.

pm-r
01-05-2018, 10:39 PM
thanks for the help. its the most realistic fake alert I've seen in a long time.

Maybe I'm missing something, but I don't see anything "fake" about the email alert you got at all that you mentioned in your #1 post.

It seems that your gmail server was alerting you that there was some suspicious attempt dealing with your email account.

Pretty normal practice from a good service provider to me.




- Patrick
======

chscag
01-06-2018, 02:30 AM
Maybe I'm missing something

It does look real. Did you read thru the entire thread and see where I received two such messages that were exactly the same as macgig got? Google says they are not from them and are an attempt at hacking accounts in order to obtain your personal information.

badshoehabit
01-06-2018, 08:29 AM
Maybe I'm missing something, but I don't see anything "fake" about the email alert you got at all that you mentioned in your #1 post.

It seems that your gmail server was alerting you that there was some suspicious attempt dealing with your email account.

Pretty normal practice from a good service provider to me.




- Patrick
======

They all look real, that's why people fall for them; ditto phone calls, especially after reporting a fault, offering to sort out your broadband, etc, etc. I get a batch about PayPal, TalkTalk, report them, then all goes quiet for a while.

My rule is that if I haven't initiated anything, I treat it as suspicious. Having said that, I fell for a scam internet site selling high quality branded clothing. Luckily my bank contacted me (I was suspicious about that!) and I got my money back.

macgig
01-06-2018, 09:33 AM
google is among the best for free email providers. they take security very seriously. but at a price. we have no privacy. they spy on everything we do. and do whatever they want with our personal information. not just google but all companies, the government. nothing we do online is private. It probably never was, I just assumed that it was for many years.

I'm confused. how can this be fake? its clear to me google sent it. sure looks like it. when I mouse over the link in the email it takes me to my google account settings. if it were fake the link in there would go to another website to trick me correct?

I'm not convinced its fake but I sure hope you guys are right. :)

macgig
01-06-2018, 09:37 AM
just got this one. in spam. this one is clearly fake. easy to see.

MacInWin
01-06-2018, 10:03 AM
google is among the best for free email providers. they take security very seriously. but at a price. we have no privacy. they spy on everything we do. and do whatever they want with our personal information. not just google but all companies, the government. nothing we do online is private. It probably never was, I just assumed that it was for many years.

I'm confused. how can this be fake? its clear to me google sent it. sure looks like it. when I mouse over the link in the email it takes me to my google account settings. if it were fake the link in there would go to another website to trick me correct?

I'm not convinced its fake but I sure hope you guys are right. :)You might want to read about man-in-the-middle attacks. Here is a link: https://en.wikipedia.org/wiki/Man-in-the-middle_attack

badshoehabit
01-06-2018, 10:10 AM
google is among the best for free email providers. they take security very seriously. but at a price. we have no privacy. they spy on everything we do. and do whatever they want with our personal information. not just google but all companies, the government. nothing we do online is private. It probably never was, I just assumed that it was for many years.

I'm confused. how can this be fake? its clear to me google sent it. sure looks like it. when I mouse over the link in the email it takes me to my google account settings. if it were fake the link in there would go to another website to trick me correct?

I'm not convinced its fake but I sure hope you guys are right. :)

If you believe it's real, ok, but NEVER use a link in an email like this to access your account. Go to the website through your browser, log in and change your password if you are suspicious.

From the horse's mouth - Google or Gmail will never ask you to provide this type of information in an email. REPORT IT!
https://support.google.com/mail/answer/8253?hl=en

There are thousands of references to Google mail phishing scams online which you can find with a simple search. https://www.google.co.uk/search?q=google+email+scams+2017&rlz=1C5CHFA_enGB731GB739&oq=google+email+scam&aqs=chrome.2.0j69i57j0l3j69i64.7542j0j4&sourceid=chrome&ie=UTF-8

macgig
01-06-2018, 11:46 AM
just set this up in my gmail. a little trap. you email yourself an email with a nice juicy title like "passwords personal info paypal etc". it wont stop an intruder but if one gets in and sees this email and clicks the fake link in that email, I get a notice and it tells me someone is poking around my email account. you can set this up for your computers as well. :)

https://www.stationx.net/canarytokens/

pm-r
01-06-2018, 12:52 PM
It does look real. Did you read thru the entire thread and see where I received two such messages that were exactly the same as macgig got?

I'm confused. how can this be fake? its clear to me google sent it. sure looks like it.

You might want to read about man-in-the-middle attacks.


Yup, read the whole thread Charlie and all the variables, but I was just replying to the OP's original thread subject post:
how can someone get my gmail password?

SCAMS and Phishing or ISP/server emails are completely different to me and seldom involve the use of one's actual email password, and the question asked — unless there's something new I don't know about???? :[



- Patrick
======