I’m worried someone has hacked into my Gmail account! I got an email saying that there have been “suspicious connections” to my account. How do I proceed?
It’s possible that Google could send you an email about a possible security breach of your account, but odds are much better that it’s a scam or what’s known as a phishing attempt. The problem is, anyone can send email that makes it look like it’s from someone else, so with a little bit of effort, a junk message can absolutely look like a legit email from a trusted source. If you don’t carefully read through it and look for clues, it could trick you into logging into a fake page and giving a criminal or curious hacker your account credentials. Not good!
Then again, there are also junk messages purporting to be legit that are so badly done that you’d have to be completely distracted and almost deliberately gullible to believe they even might be legit. Real email from an organization won’t have typos, weird misspellings or amateur graphics, and links will go where you expect, not to some random weird third-party site – often overseas – that has no logical connection with the sender.
For example, here’s a Suspicious Connection email in my Gmail spam folder:
See it? #2 on that list. Now, if Google were to send along a warning of a “suspicious connection”, why wouldn’t it have “Google” or “Gmail Security” or similar as the sender? I’m already quite skeptical this is legit and I haven’t even opened the message up yet.
A click to open it and is this something you’d believe is legit?
There are so many indications it’s not legitimate, but you don’t have to get past the sender to know this is a scam: “•d1taylor• <d1taylor.660@rf-cheats.ru>” is a long, long way from a legit Gmail message. In fact, the ‘.ru’ top level domain is Romania. And I’m 100% sure that you’re not going to get an email from Romania that’s from Google, regardless of its content.
But sometimes people get scared or anxious that these kind of messages might be legit, so they click anyway. Just in case. In this case, before you click, you can see the odd link under the “Yes me !” button:
Along the bottom you can see what’s known as a “mailto:” link and the first email address on the list is pornhub at supportunsubus.us. Pornhub? A mailto link at all? Why have a button that links to an email address, as opposed to a Web page where you could verify your online usage?
But, I know, you’re still a bit worried. Okay, so click on “Yes me !” or “not me !” and you’ll actually get an email message pop open with a bunch of destinations already specified:
A very strange list of recipients, really, and not one of them could even possibly be Gmail. I hope that you’ve already long-since abandoned this original email message as bogus spam, however, and never got this far.
Curious how this works? Here’s my best guess: one of the email addresses is a program that collects the email addresses of people who send this email, putting them on an “active, scam ’em!” list knowing that you were susceptible to this message. 13 of the 14 emails are junk to cover their tracks, while the 14th is the bad guy and with a bit of additional detective work you could probably track it down.
For now, however, just be super skeptical of email and be careful out there!
Pro Tip: I’ve been writing about scams, spam and phishing attacks for many years. Please check out my computer basics area for more information and help pages.
I actually clicked the not me button and the email window popped up.
I didn’t click send. Nothing will happen if I didn’t click send right?
You’re safe. Glad you figured out something weird was going on and stopped!
Hi Dave,
Thank you for this helpful article.
Actually, a few hours ago, I received the same email you described.
The first thing I’ve noticed is that the link is pointing to “mailto”, which is suspicious.
That’s why, I started googling and I found your article, which helped me understand more.
I’ve checked the 13 email adresses of the “mailto” that I have on the link and found the exact 13 of the 14 you have in the screenshot.
Before founding your article, I’ve read that when you report an email as a phishing, you start to receive these kind of emails after that.
Which is the case for me, 2 days ago, I received a suspicious email and I’ve reported it as a phishing.
That’s why I think that your guess is correct : “one of the email addresses is a program that collects the email addresses of people who send this email, putting them on an “active, scam ’em!" list knowing that you were susceptible to this message”
And I think my email address is in this kind of list.
Thank you again for this article ^^
Hi Dave,
Here is a list of all the country codes.
http://www.fao.org/countryprofiles/iso3list/en/#
Best Regards,
Hi Dave,
I think the top level domain ru is Russia not Romania which is ro.
Ah, I believe you’re correct. Thanks for the update!