Help gmail security question

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Help gmail security question

Post by rec7 » Tue Jan 09, 2018 8:15 pm

Someone put a backup phone number in on my gmail account. The number does not belong to me. Did someone break into my account? I had two factor on when it happened.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

sksbog
Posts: 188
Joined: Wed Jun 20, 2012 9:14 pm

Re: Help gmail security question

Post by sksbog » Tue Jan 09, 2018 8:17 pm

This is a tuffy.
Can you email/call Google android support and ask?

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Tue Jan 09, 2018 8:49 pm

Is there a phone number I could call gmail I am sick over this. I use one email for everything.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

User avatar
Tycoon
Posts: 1230
Joined: Wed Mar 28, 2012 7:06 pm

Re: Help gmail security question

Post by Tycoon » Tue Jan 09, 2018 8:52 pm

Log into your account and change the number, your password, and two-factor authorization.
...I might be just beginning | I might be near the end. Enya | | C'est la vie

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Tue Jan 09, 2018 8:56 pm

I have my vanguard and my credit unions sent to this email so they would know them all. Plus I use my real name as my email. They did this seven months ago. I am just scared right now. But I will do what you said.
Last edited by rec7 on Tue Jan 09, 2018 8:57 pm, edited 1 time in total.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

bgf
Posts: 475
Joined: Fri Nov 10, 2017 9:35 am

Re: Help gmail security question

Post by bgf » Tue Jan 09, 2018 8:56 pm

there is a way through google support or settings to see all the devices that have logged in on your account. if you recognize all the devices, then you are probably ok. on that same screen you can also lock out all devices forcing you to resign in on everything with a new password and two factor.

go to myaccount.google.com/security
“TE OCCIDERE POSSUNT SED TE EDERE NON POSSUNT NEFAS EST"

User avatar
Tycoon
Posts: 1230
Joined: Wed Mar 28, 2012 7:06 pm

Re: Help gmail security question

Post by Tycoon » Tue Jan 09, 2018 9:04 pm

rec7 wrote:
Tue Jan 09, 2018 8:56 pm
I have my vanguard and my credit unions sent to this email so they would know them all. Plus I use my real name as my email. They did this seven months ago. I am just scared right now. But I will do what you said.
I'd like to think that if someone hacked your accounts they wouldn't wait seven months to drain them. However, one can never be too safe. You might consider getting a new email address with another provider (Outlook) and revise your accounts to reflect the new email address. Or you could open another gmail account and switch everything to that one.
...I might be just beginning | I might be near the end. Enya | | C'est la vie

Finridge
Posts: 402
Joined: Mon May 16, 2011 7:27 pm

Re: Help gmail security question

Post by Finridge » Tue Jan 09, 2018 9:19 pm

bgf wrote:
Tue Jan 09, 2018 8:56 pm
there is a way through google support or settings to see all the devices that have logged in on your account. if you recognize all the devices, then you are probably ok. on that same screen you can also lock out all devices forcing you to resign in on everything with a new password and two factor.

go to myaccount.google.com/security
+1

Also, make sure that all computers and devices that you use with this account have all security updates installed. Make sure your firewall is turned on. Make sure your anti-malware software is turned and running regular scans.

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Tue Jan 09, 2018 9:34 pm

Well I did everything you guys told me. I am just stumped how they got it with two factor on. I got a notice from gmail that someone was trying to get into my account in Jan. so I turn on two factor. Then in May the new phone number was added. I did see one other device that was on now I only see one.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

tibbitts
Posts: 7800
Joined: Tue Feb 27, 2007 6:50 pm

Re: Help gmail security question

Post by tibbitts » Tue Jan 09, 2018 9:36 pm

I think you have to be realistic in terms of the support you can expect if this is a free vs. paid Google email account. Paid accounts get more attention, as they should. Have you viewed your access history and notice any session that weren't yours?

Also are you sure no other settings were changed, such as forwarding?

TravelGeek
Posts: 2115
Joined: Sat Oct 25, 2014 3:23 pm

Re: Help gmail security question

Post by TravelGeek » Tue Jan 09, 2018 9:50 pm

rec7 wrote:
Tue Jan 09, 2018 8:49 pm
I use one email for everything.
It might be good to reconsider that and have a “publicly known” email address (the one you currently use) and one that you only use for receiving notifications/messages from financial service providers.

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Tue Jan 09, 2018 10:06 pm

TravelGeek wrote:
Tue Jan 09, 2018 9:50 pm
rec7 wrote:
Tue Jan 09, 2018 8:49 pm
I use one email for everything.
It might be good to reconsider that and have a “publicly known” email address (the one you currently use) and one that you only use for receiving notifications/messages from financial service providers.
That crossed my mind. I should have done that at the start. Vanguard and credit unions only on that email everything else on the old email.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Tue Jan 09, 2018 10:08 pm

rec7 wrote:
Tue Jan 09, 2018 10:06 pm
TravelGeek wrote:
Tue Jan 09, 2018 9:50 pm
rec7 wrote:
Tue Jan 09, 2018 8:49 pm
I use one email for everything.
It might be good to reconsider that and have a “publicly known” email address (the one you currently use) and one that you only use for receiving notifications/messages from financial service providers.
That crossed my mind. I should have done that at the start. Vanguard and credit unions only on that email everything else on the old email. I pray everything will be alright and those things will get a new email. The scary thing is that person knows all the places I keep money at. That account had 10 years of email on it.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Wed Jan 10, 2018 9:37 am

I think I figured out how they got in. They must have got in before I added two factor. Then once they were in they added their number as a backup number for two factor. That is my only guess. Is there an easy way to erase 10 years of emails on a gmail account. Do you have to check every box one by one?
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

bungalow10
Posts: 2198
Joined: Sat Apr 09, 2011 6:28 am
Location: Chicago North Shore

Re: Help gmail security question

Post by bungalow10 » Wed Jan 10, 2018 9:39 am

rec7 wrote:
Wed Jan 10, 2018 9:37 am
I think I figured out how they got in. They must have got in before I added two factor. Then once they were in they added their number as a backup number for two factor. That is my only guess. Is there an easy way to erase 10 years of emails on a gmail account. Do you have to check every box one by one?
Kinda late (and pointless) to delete the emails now. Remove the phone number and change your password and authentication.
An elephant for a dime is only a good deal if you need an elephant and have a dime.

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Wed Jan 10, 2018 9:42 am

I did all that but would like to erase all these email so if someone were to get back in the info. would be limited. Maybe erase once a week.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

JohnFiscal
Posts: 597
Joined: Mon Jan 06, 2014 4:28 pm
Location: Florida

Re: Help gmail security question

Post by JohnFiscal » Wed Jan 10, 2018 9:46 am

I would be tempted to call the phone number. First, I'd ask for "Joe" and play it as a wrong number (dialed wrong). Once I scoped out the number and who/how answered I would call and give them the good news that they were awarded a prize of free pizzas and our people would be down to deliver them, just need their address.

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Wed Jan 10, 2018 9:52 am

JohnFiscal wrote:
Wed Jan 10, 2018 9:46 am
I would be tempted to call the phone number. First, I'd ask for "Joe" and play it as a wrong number (dialed wrong). Once I scoped out the number and who/how answered I would call and give them the good news that they were awarded a prize of free pizzas and our people would be down to deliver them, just need their address.
Yeah I was tempted to call it. The thing is I think it is nosy distant hometown relatives. I traced the number it is in the same town I am in. They Vanguard, a few credit union, ebay and amazon are the only ones that have the email.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

JohnFiscal
Posts: 597
Joined: Mon Jan 06, 2014 4:28 pm
Location: Florida

Re: Help gmail security question

Post by JohnFiscal » Wed Jan 10, 2018 11:24 am

rec7 wrote:
Wed Jan 10, 2018 9:52 am
JohnFiscal wrote:
Wed Jan 10, 2018 9:46 am
I would be tempted to call the phone number. First, I'd ask for "Joe" and play it as a wrong number (dialed wrong). Once I scoped out the number and who/how answered I would call and give them the good news that they were awarded a prize of free pizzas and our people would be down to deliver them, just need their address.
Yeah I was tempted to call it. The thing is I think it is nosy distant hometown relatives. I traced the number it is in the same town I am in. They Vanguard, a few credit union, ebay and amazon are the only ones that have the email.
oh, man. That is awful

User avatar
alpenglow
Posts: 640
Joined: Tue May 31, 2011 12:02 pm

Re: Help gmail security question

Post by alpenglow » Wed Jan 10, 2018 11:30 am

JohnFiscal wrote:
Wed Jan 10, 2018 11:24 am
rec7 wrote:
Wed Jan 10, 2018 9:52 am
JohnFiscal wrote:
Wed Jan 10, 2018 9:46 am
I would be tempted to call the phone number. First, I'd ask for "Joe" and play it as a wrong number (dialed wrong). Once I scoped out the number and who/how answered I would call and give them the good news that they were awarded a prize of free pizzas and our people would be down to deliver them, just need their address.
Yeah I was tempted to call it. The thing is I think it is nosy distant hometown relatives. I traced the number it is in the same town I am in. They Vanguard, a few credit union, ebay and amazon are the only ones that have the email.
oh, man. That is awful
Wow that's messed up. I was expected Romania or something like that.

Liberty1100
Posts: 236
Joined: Fri Nov 21, 2014 12:36 pm
Contact:

Re: Help gmail security question

Post by Liberty1100 » Wed Jan 10, 2018 11:35 am

Here's a way to delete large groups of emails from Gmail: http://www.expertreviews.co.uk/software ... -smart-way

I would try to google the number. You may find who it goes to.

2015
Posts: 1694
Joined: Mon Feb 10, 2014 2:32 pm

Re: Help gmail security question

Post by 2015 » Wed Jan 10, 2018 12:10 pm

rec7 wrote:
Tue Jan 09, 2018 8:56 pm
I have my vanguard and my credit unions sent to this email so they would know them all. Plus I use my real name as my email. They did this seven months ago. I am just scared right now. But I will do what you said.
It's a pain, but I would seriously consider creating a new gmail account, migrating all of your financial accounts to that one, after which I would delete the current account. Given that you have sensitive financial information being sent to this account, I believe it's worth the extra effort. I am also assuming that this is an email dedicated to financial account notifications and account back up only? If not, I wouldn't hesitate to migrate to a new gmail account (using only a yubikey, goggle authenticator, and pass codes as gmail account recovery options). Your dedicated financial accounts email shouldn't be published anywhere or associated with anything other than highly sensitive financial accounts.

hunterg
Posts: 1
Joined: Wed Jan 10, 2018 11:55 am

Re: Help gmail security question

Post by hunterg » Wed Jan 10, 2018 12:11 pm

This is scary.
If I was looking into this I would check the IP login history which Gmail catalogs for you. Maybe not back 7 months but just for future knowledge.
IMHO this is serious enough to get support involved.

If it was nosy relatives then the best way to lock it down is changing your password to something pretty substantial and applying app based 2FA. Phone numbers are a HUGE security hole in 2FA. Also, it is good practice to have two email accounts. One for the crown jewels (financial info, etc) and another for correspondence.

Recommendations:
Open a fresh (pseudonymous) Gmail account and apply Google Advanced Protection to it. (https://landing.google.com/advancedprotection/)
Re-route all financial and sensitive notifcations to this account
Put app based 2FA on the existing Gmail after changing the password

rec7
Posts: 2369
Joined: Tue Oct 28, 2008 7:22 pm

Re: Help gmail security question

Post by rec7 » Wed Jan 10, 2018 1:58 pm

I got five emails like this put thought they were phishing. They looked like they were from google. I did not click on any of them.

You received this message because xxx@xxxxxxx(my email) is listed as the recovery email for aaa@aaaaaa. If aaa@aaaaaa is not your Google Account, click here to disconnect from that account and stop receiving emails.
Disclaimer: You might lose money doing anything I say. Although that was not my intent. | Favorite song: Sometimes He Whispers Jay Parrack

Grasshopper
Posts: 893
Joined: Sat Oct 09, 2010 3:52 pm

Re: Help gmail security question

Post by Grasshopper » Wed Jan 10, 2018 2:20 pm

How about a YubiKey on Google and VG accounts.

User avatar
Duckie
Posts: 5798
Joined: Thu Mar 08, 2007 2:55 pm

Re: Help gmail security question

Post by Duckie » Wed Jan 10, 2018 6:07 pm

rec7 wrote: I got five emails like this put thought they were phishing. They looked like they were from google. I did not click on any of them.

You received this message because xxx@xxxxxxx(my email) is listed as the recovery email for aaa@aaaaaa. If aaa@aaaaaa is not your Google Account, click here to disconnect from that account and stop receiving emails.
I get those every time I change something on my Google account. They are normal. I don't click on them. If I just made a change I ignore them. But if I didn't just make a change I would go into Google and see what's different.

User avatar
Pajamas
Posts: 6015
Joined: Sun Jun 03, 2012 6:32 pm

Re: Help gmail security question

Post by Pajamas » Wed Jan 10, 2018 6:20 pm

rec7 wrote:
Wed Jan 10, 2018 1:58 pm
I got five emails like this put thought they were phishing. They looked like they were from google. I did not click on any of them.

You received this message because xxx@xxxxxxx(my email) is listed as the recovery email for aaa@aaaaaa. If aaa@aaaaaa is not your Google Account, click here to disconnect from that account and stop receiving emails.
Anyone can add your email to their account as a recovery email address. It is most likely a mistake. It has no affect on your Google or Gmail account. If you don't confirm it, your address won't actually be added to their account as a recovery email address. Even if you confirm it, nothing will happen to your account except that if the other person ever needs to recover their account, the email will go to you and they won't be able to access it.

Mistakes with email addresses are frequent, just as with phone numbers and street addresses.
hunterg wrote:
Wed Jan 10, 2018 12:11 pm

IMHO this is serious enough to get support involved.
There's essentially no live support for a free Gmail account. It is automated and self-service. Incidents like this happen thousands of times a day. In 2016, Gmail had more than a billion active users.

Everyone should do a security review to make sure they will be able to recover their account if something happens to it. Once you lose access to an account, it won't be possible to recover it unless you have taken certain steps in advance. For instance, you may need to know the date your account was created and have a backup email address and a phone number that can receive texts added to the account. If you don't know the date the account was created, there may be no way to find out at this point, so that will make the other precautionary measures even more important.

https://myaccount.google.com/security-checkup
rec7 wrote:
Wed Jan 10, 2018 9:52 am
The thing is I think it is nosy distant hometown relatives. I traced the number it is in the same town I am in. They Vanguard, a few credit union, ebay and amazon are the only ones that have the email.
It's unlikely that someone hacked into your account based on knowing your Gmail address and then didn't change the password to lock you out of it but added their phone number to the account. Is it possible you added the phone number of a relative when you created the account as a precaution in case you got locked out?

If not, if you accessed Gmail on a computer and didn't sign out and didn't close the browser, anyone who used that computer after you might have had access to your account. It could have been your relative in your home or on a computer at their house or a stranger at the library. Has anyone had access to a computer that you logged into your Google account on?

Afty
Posts: 754
Joined: Sun Sep 07, 2014 5:31 pm

Re: Help gmail security question

Post by Afty » Wed Jan 10, 2018 6:40 pm

IMO your effort would be better spent securing the account than deleting emails. Emails alone generally don't contain sensitive information because they are sent without encryption (because of how email works, not specific to Gmail). So for example, emails from Vanguard will only contain info like "You have a new statement" but not the statement itself. If Vanguard needs to send you a secure message, they will send it via their own secure message system that you have to log into the Vanguard site to see. Simply having an email would not give people access to your financial accounts.

Now, having access to the email account can give people access to other accounts, because of things like password resets. So it is very important to secure access to your email account. Two factor via an app (not SMS) should be sufficient for that. If you are really paranoid, you can use a Yubikey, but IMO that is overkill unless you might be a target of state sponsored attackers.

FWIW, I'm a software engineer with some understanding of computer security. I use two-factor via the Google Authenticator app for my personal Gmail account.

Post Reply