| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 136330 | 2014-02-18 01:28:00 | Strange Emai...Possible Scammer?l | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1367968 | 2014-02-18 01:28:00 | Hi Team I just received this email, supposedly regarding our daughter's Gmail address Said daughter is at this moment enroute to the UK to address a conference and is either in Dubai or inflight to the UK. Her email address details were correct, but the truncated link is tossed back by Google as spurious. Interestingly, the full link was rejected (I accidentally activated it while truncating) and even the reduced link throws up the same warning. I ask because she is possibly using a mobile device in Dubai to notify us of her safe arrival at this interim stop-over, and maybe Google doesn't like that idea, and also because there is no good reason for Google to send the message to one of my Xtra business accounts. Any ideas? -------------------------------------------------------------------------------- Hi [valid-Name], Someone recently tried to use your password to sign in to your Google Account [Valid sign on]@gmail.com. This person was using an application such as an email client or mobile device. We prevented the sign-in attempt in case this was a hijacker trying to access your account. Please review the details of the sign-in attempt: Monday, February 17, 2014 10:41:17 PM UTC IP Address: 195.229.170.128 Location: Unknown If you do not recognize this sign-in attempt, someone else might be trying to access your account. You should sign in to your account and reset your password immediately. Find out how at support.google.com If this was you, and you are having trouble accessing your account, complete the troubleshooting steps listed at support.google.com Sincerely, The Google Accounts team This email can't receive replies. For more information, visit the Google Accounts Help Center (support.google.com). If [Valid sign on]l@gmail.com isn't your Google Account, click this link to disconnect your email address from this account: accounts.google.com [Truncated] You have received this mandatory email service announcement to update you about important changes to your Google product or account. (c) 2014 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Cheers Billy 8-{) :illogical I just ran the IP and it is assigned to the Emirates department of Civil Aviation. Perhaps she was on a wi-fi connection at Dubai airport? inetnum: 195.229.170.0 - 195.229.171.255 netname: DEPARTMENT-EMIRNET descr: Department Of Civil Aviation - Dubai descr: P.O. Box 2525, Dubai, UAE country: AE admin-c: AB2753-RIPE tech-c: AB2753-RIPE status: ASSIGNED PA mnt-by: ETISALAT-MNT source: RIPE # Filtered person: Arshid Bashir address: Department of Civil Aviation - Dubai address: P.O. Box 2525, Dubai, UAE phone: +971 4 2061205 nic-hdl: AB2753-RIPE source: RIPE # Filtered % Information related to '195.229.128.0/18AS5384' |
Billy T (70) | ||
| 1367969 | 2014-02-18 03:12:00 | Just have her reset the Gmail/google password, by logging into gmail, not via a link, when she gets to UK Wifi hotspots can get hacked/hijacked , might be the issue ?? Or false alarm from google? productforums.google.com |
1101 (13337) | ||
| 1367970 | 2014-02-18 03:46:00 | It's a legitimate warning from Google, not a scam. But the alert can be triggered if you are trying to use something connected to the account from a service in another country, or could be a real hijack attempt. |
Agent_24 (57) | ||
| 1367971 | 2014-02-18 04:07:00 | It doesn't seem to have a login link, and only links to Google support, so seems legitimate. | pcuser42 (130) | ||
| 1367972 | 2014-02-18 09:02:00 | Thanks for that, I think it best to continue taking the cautious approach, so we'll see what happens when she hits the UK. I need reliable communication with her because although she is carrying back-ups for her conference presentation etc separate from her laptop, I am also holding the same data here just in case. It is an international conference and she has had to take unpaid leave and pay her own way, so she wants to make the most of the event. Great opportunities may come from this. Cheers Billy 8-{) |
Billy T (70) | ||
| 1367973 | 2014-02-18 09:02:00 | Simple and safe rule -- NEVER log in to any account via a email link no matter who its from. The scammers are very good and some its almost impossible to tell they are fake. As 1101 suggested, log into the account in a normal manner, and change what ever is required the legit way. Better to be safe than sorry. The ONLY exception is if you request a reset ( for example) and you get a mail sent to you from that place. Had to do that with iTunes the other day, forgot my password, went into itunes requested a reset and by the time it took to open the mail Itunes had sent the mail/link. Today got two scam mails asking to confirm new security features from ANZ :tui: |
wainuitech (129) | ||
| 1367974 | 2014-02-19 07:58:00 | Well, we made phone contact, and yes, she was trying to email while at the airport, but was having major problems with very slow Wi Fi at that site. We had no problems with Wi Fi comms in Dubai itself when Billy Jnr was resident there for 6 months, and now that said daughter is in the UK and Wi Fi/email is OK there, so all is well again. In terms of security, as I have mentioned before, I screen all incoming mail through MailWasher and if I have the slightest suspicion I can view the full header which usually has a wealth of information. I can also see everything contained in the email including hidden stuff that won't show in a download. That was how I found the IP address for the Dubai airport connection. Cheers Billy 8-{) |
Billy T (70) | ||
| 1367975 | 2014-02-19 08:04:00 | I suggest you set up an SSH tunnel\proxy back to your own internet connection here she can use, better than risking using some public WiFi connection directly. | Agent_24 (57) | ||
| 1367976 | 2014-02-19 08:18:00 | I suggest you set up an SSH tunnel\proxy back to your own internet connection here she can use. I have no idea how to do that, but my present system has kept me safe for many years. I see everything in the email transmission and if I don't like it, I don't download, I just delete it from the server. It is pretty much possible to see any catch, but if in doubt I toss it out! Cheers Billy 8-{) |
Billy T (70) | ||
| 1367977 | 2014-02-19 09:20:00 | I can confirm that ANZ has serious problems with their security. I used to be with the National Bank and never had any problems whatsoever but once ANZ took over my email contact for National was passed on to ANZ and it seems to whoever is trying to get me to update my account settings using what looks like legitimate ANZ letterheads and webpage headers etc. |
zqwerty (97) | ||
| 1 2 | |||||