General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread
Standard User RobertoS
(sensei) Wed 03-Oct-12 20:49:40
Print Post

Phishing re gmail accounts?


[link to this post]
 
I received two emails today, timed almost simultaneously, to one of my non-RobertoS domains.

The first, to name1@mydomain :-
We have received your request to add name1@mydomain to your Google Account. Please click on the link below to verify this request....
Of course I would do no such thing. Note name1 is not a legitimate name on my domain, nor on any gmail account that I hold. I do accept all emails to the domain then blacklist unwanted ones such as name1, but this one is more worrying than normal spam.

The second was sent to name1 name2 <name1@mydomain> :-
Congratulations on creating your brand new Gmail address, name1name2@gmail.com ....
I can find no way of reporting this to google. All I can find is the way to report phishing emails received on my gmail address.

So is it phishing? The links within the emails of course look legitimate, but other than one gmail support video I have found that quotes one possible "invalid" link, there seems no way of verifying the links given. There doesn't seem to be a list of valid links.

I've checked the only google account I am aware of that has nick@mydomain as its signin and it appears unharmed.

Any ideas anyone please? What I would obviously most like to do is to forward the two emails to a phishing or similar address at google, in the same way as you can to banks.

My broadband basic info/help site - www.robertos.me.uk
Domains,website and mail hosting - Tsohost. Connection - Plusnet Extra Fibre (FTTC). Sync ~ 56.0/13.9Mbps @ 600m.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User yarwell
(sensei) Wed 03-Oct-12 21:06:23
Print Post

Re: Phishing re gmail accounts?


[re: RobertoS] [link to this post]
 
in general I look at the sending domain or domain that it links to and make abuse reports to the relevant domain abuse address

Looking at the source code / "original message" you should see domain of links

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics
Standard User RobertoS
(sensei) Wed 03-Oct-12 21:15:53
Print Post

Re: Phishing re gmail accounts?


[re: yarwell] [link to this post]
 
I did and all looked OK.

However, the example the google video gave also looked OK. They pointed out that it was the subdomain name before the main domain that was the phishing clue, and said what the correct link was for the particular facility.

All the links in these two emails are subdomains of google.com, but there is no way of reporting the problem.

Hence my post asking what to do, and my complaint that there isn't a list of valid links.

My broadband basic info/help site - www.robertos.me.uk
Domains,website and mail hosting - Tsohost. Connection - Plusnet Extra Fibre (FTTC). Sync ~ 56.0/13.9Mbps @ 600m.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.


Register (or login) on our website and you will not see this ad.

Standard User yarwell
(sensei) Wed 03-Oct-12 21:49:05
Print Post

Re: Phishing re gmail accounts?


[re: RobertoS] [link to this post]
 
if the links when viewed in message source are all to Google sites then it probably isn't phishing. For clarity I mean the actual links viewed in plain text not the GUI stuff built to con you !

I have a couple of people that use my Gmail address in error (and others do) which can be entertaining.

Make an abuse report to origination of emails ?

http://www.google.com/safebrowsing/report_phish/

support.google.com/mail/bin/request.py?contact_type=abuse&&hl=en

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics
Standard User RobertoS
(sensei) Wed 03-Oct-12 22:37:23
Print Post

Re: Phishing re gmail accounts?


[re: yarwell] [link to this post]
 
Ummmm.

Thanks for the links. Maybe I'm being thick, but I don't see how either helps.

The point being that there is nothing identifiably suspect in either email. The second looks identical to a couple I recently received when I did set up a couple of gmail addresses. The first doesn't look at all odd either, coming from From: account-verification-noreply@google.com.

What I want to do is get google to find out what is triggering these. As both seem to be genuinely from google/gmail I don't see how to do that on either of those links.

The first by itself I would just have ignored - that's what such are about. But for the second to come addressed as it is implies to me that something more serious than a mistaken mydomain being entered at the setup request phase. From the "From" given above, it seems that a gmail address has been successfully set up, associated with name1@mydomain. How can that be, given that I didn't do anything with the verification request email. Both happened hours before I saw them.

My broadband basic info/help site - www.robertos.me.uk
Domains,website and mail hosting - Tsohost. Connection - Plusnet Extra Fibre (FTTC). Sync ~ 56.0/13.9Mbps @ 600m.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User RobertoS
(sensei) Wed 03-Oct-12 22:40:59
Print Post

Re: Phishing re gmail accounts?


[re: RobertoS] [link to this post]
 
Re the second one, saying name1name2@gmail has been set up. From "Gmail Team" <mail-noreply@google.com>

My broadband basic info/help site - www.robertos.me.uk
Domains,website and mail hosting - Tsohost. Connection - Plusnet Extra Fibre (FTTC). Sync ~ 56.0/13.9Mbps @ 600m.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User RobertoS
(sensei) Wed 03-Oct-12 23:03:39
Print Post

Re: Phishing re gmail accounts?


[re: yarwell] [link to this post]
 
Just used the second one. Managed to get the problem described. The final message is of course very discouraging, implying I will never hear anything about it.
Thank you for submitting a report. We take our users' privacy and security very seriously, so we appreciate your concern. We will use the information you provide to conduct an investigation. We will contact you if we need more details; however, you will not receive a response or email acknowledgment of your submission.


My broadband basic info/help site - www.robertos.me.uk
Domains,website and mail hosting - Tsohost. Connection - Plusnet Extra Fibre (FTTC). Sync ~ 56.0/13.9Mbps @ 600m.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User XRaySpeX
(eat-sleep-adslguide) Wed 03-Oct-12 23:36:59
Print Post

Re: Phishing re gmail accounts?


[re: RobertoS] [link to this post]
 
Can you log in to your newly "acquired" Google a/c's, even if you pretend to have forgotten your pwd?

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
Standard User RobertoS
(sensei) Wed 03-Oct-12 23:57:29
Print Post

Re: Phishing re gmail accounts?


[re: XRaySpeX] [link to this post]
 
That's a thought. But what I was thinking earlier was that the Verification link would seem to have been used? So HMMMM. Either someone has access to this m/c or to my mail host.

C e n s o r e d words!

Full scan next. (Now running, but there have been a few background "Quick scan" scans today.
Then mail host password change.

My broadband basic info/help site - www.robertos.me.uk
Domains,website and mail hosting - Tsohost. Connection - Plusnet Extra Fibre (FTTC). Sync ~ 56.0/13.9Mbps @ 600m.

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User yarwell
(sensei) Thu 04-Oct-12 01:27:34
Print Post

Re: Phishing re gmail accounts?


[re: RobertoS] [link to this post]
 
The point being that there is nothing identifiably suspect in either email
So the IP address that originated the email is in Google's ownership ?

and the links as verified in the code are also in Google's hands ?

The From address, as I'm sure you know, is a text field entered by the mail client software, and not a verifiable indication of anything.

if you C&P the headers I'll have a poke around. It does sound a bit obscure as described.

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics
Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread

Jump to