Is Google “Suspicious Connection” Warning Email Legit?

It’s possible that Google could send you an email about a possible security breach of your account, but odds are much better that it’s a scam or what’s known as a phishing attempt. The problem is, anyone can send email that makes it look like it’s from someone else, so with a little bit of effort, a junk message can absolutely look like a legit email from a trusted source. If you don’t carefully read through it and look for clues, it could trick you into logging into a fake page and giving a criminal or curious hacker your account credentials. Not good!

Then again, there are also junk messages purporting to be legit that are so badly done that you’d have to be completely distracted and almost deliberately gullible to believe they even might be legit. Real email from an organization won’t have typos, weird misspellings or amateur graphics, and links will go where you expect, not to some random weird third-party site – often overseas – that has no logical connection with the sender.

For example, here’s a Suspicious Connection email in my Gmail spam folder:

See it? #2 on that list. Now, if Google were to send along a warning of a “suspicious connection”, why wouldn’t it have “Google” or “Gmail Security” or similar as the sender? I’m already quite skeptical this is legit and I haven’t even opened the message up yet.

A click to open it and is this something you’d believe is legit?

There are so many indications it’s not legitimate, but you don’t have to get past the sender to know this is a scam: “•d1taylor• <d1taylor.660@rf-cheats.ru>” is a long, long way from a legit Gmail message. In fact, the ‘.ru’ top level domain is Romania. And I’m 100% sure that you’re not going to get an email from Romania that’s from Google, regardless of its content.

But sometimes people get scared or anxious that these kind of messages might be legit, so they click anyway. Just in case. In this case, before you click, you can see the odd link under the “Yes me !” button:

Along the bottom you can see what’s known as a “mailto:” link and the first email address on the list is pornhub at supportunsubus.us. Pornhub? A mailto link at all? Why have a button that links to an email address, as opposed to a Web page where you could verify your online usage?

But, I know, you’re still a bit worried. Okay, so click on “Yes me !” or “not me !” and you’ll actually get an email message pop open with a bunch of destinations already specified:

A very strange list of recipients, really, and not one of them could even possibly be Gmail. I hope that you’ve already long-since abandoned this original email message as bogus spam, however, and never got this far.

Curious how this works? Here’s my best guess: one of the email addresses is a program that collects the email addresses of people who send this email, putting them on an “active, scam ’em!” list knowing that you were susceptible to this message. 13 of the 14 emails are junk to cover their tracks, while the 14th is the bad guy and with a bit of additional detective work you could probably track it down.

For now, however, just be super skeptical of email and be careful out there!

Pro Tip: I’ve been writing about scams, spam and phishing attacks for many years. Please check out my computer basics area for more information and help pages.