Jump to content

Hacking/phishing or genuine Google message?


Recommended Posts

Posted (edited)

Got this in my mail just now:

Firstly detected is spelt wrongly

Secondly after accounts@google it has a slightly suspicious email address for a corporate entity....or does it?

It is telling me to take action by following a link.

Action to take?

I can show the address from but cannot post the format of the rest....TV inhibits it....... just to say there's a link to follow "to resolve this problem"

and

Sincerely,

Accounts

[email protected] <[email protected]>
4:32 PM (16 minutes ago)
cleardot.gif
cleardot.gif
cleardot.gif
to bcc: me
cleardot.gif
Edited by cheeryble
Posted (edited)

If your using the web version of gmail, you can use the |▼| 'more' option (displayed next to the date) and select the "Show Original" and look at all the 'Received' headers (what path the email took to get to you).

Official Google email will usually originate from accounts.google.com, NOT a freebie GMail account.

As steven100 posted, fake/scam.

Edited by RichCor
Posted (edited)

If your using the web version of gmail, you can use the |▼| 'more' option (displayed next to the date) and select the "Show Original" and look at all the 'Received' headers (what path the email took to get to you).

Official Google email will usually originate from accounts.google.com, NOT a freebie GMail account.

As steven100 posted, fake/scam.

Sent what you suggested in a PM for your perusal Richcor......trusting you with my details...... and thanx and for all your previous help.

Also reported under |▼| as a phishing attack.......though perhaps should have waited for your inspection.

​Funny enough it seems to have disappeared from my Macbook (online) whilst I can still see it on iPad (offline)

Maybe Google deletes reported phishes instantly?

Edited by cheeryble
Posted (edited)

Once you tag an email as SPAM or Phishing in gmail Google assigns it a 'spam' tag and it then is only available in the SPAM 'folder' (not really a folder, but anyway) and it eventually gets deleted after 30 days.

Yes, got your PM. What I meant by looking at headers ... if you ever receive what seems to you as a real email but you doubt it's authenticity, then look at the raw/original email headers and see if all the email addresses match.

In this instance, there are three striking issues:

the email has a FROM address using the free email address "gmail.com" domain -- Google never sends 'official notifications' using this domain.

the email 'header' reports the email has another FROM address using the free email address "gmail.com" domain. -- the first 'From" address is 'spoofed' (and they still didn't get it right).

the body of the email contains only a link to a .png graphic and a hyperlink to an external online html page -- never a good thing.

Other than reporting the Phishing attempt or marking it as SPAM, there isn't much more to do.

It's very rare that I ever see these things in my Google Apps/Email account. I still check my SPAM folder (not really a folder, but anyway) to see if any desired email get trapped by the filter. Some of my email contacts can't help but spew out spam ridden correspondence.

Edited by RichCor
Posted (edited)

Thanks Rich

you inspired me to check my Junk folder.

I didn't find anything worth having but what i did notice was a name which as popped up in my mail notifications sometimes.

I half remembered that when I took the Macbook to the CMU Apple Shop the guy may have put in his own email as an account for testing purposes, maybe just forgot to delete.

I just looked up accounts in Mail and indeed there is a google acct for me and one for him.....I'm presuming it's him.

I may even had had a hacking/phishing email for him it's to his address and says it's from WhatsApp and to listen to a voicemail.

I'm pretty sure this is the same type of thing I was phished with not long ago.

I could just delete the account

I could email and ask if he works at the Apple shop

Or I could call by the place and check if it was indeed him.

As I go through CMU most days I think I choose the latter.

And maybe the first one too.

If I delete his account should i delete any other hidden traces of him?

Edited by cheeryble
Posted

If the other mail account isn't yours then I would suggest you just delete it. No reason to leave it.

Hi Richcor

a bit of trouble....well my Mail hasn't been right for seem time.

I just deleted that account.

(It was a gmail account)

I then tested sending myself an email to MY gmail account, (and my default outgoing server has always been gmail.)

My default outgoing SHOULD be gmail.

Before I sent it said in the details of the mail that it was from "ME" and gave gave that deleted email address suggesting THAT was "ME" maybe he;d written ME in to save time.

It would not send.

I went to Mail>system prefs>acccounts.

I thought to PM you a screenshot privately but it's pretty simple

For my chosen outgoing acct.....gmail ......it is ticked "enabled".

It is IMAP

BUT the incoming mail server, map.gmail.com is faded out

AND the user name which is my gmail address is also faded out.

As for outgoing mail server it says "Google (offline)"....but I'm definitely online and just checked my gmail instantly using Safari.

Hmmm...what would a Richcor do?

EDIT

I just tried composing the same as five minutes ago....an email to my gmail address.

Somethings changed.

It now said it was from my gmail address.

So it should be from the real me to the real me (same email address) which I believe should work fine.

Well......like a lot of stuff for the last months it's in the outbox but not sent.

So is thee previous one from the OTHER email address i just deleted.

Double hmmm......

Posted

gmail is a bit odd. Email I send to myself (or a alias of the same account) won't appear in my inbox. I think because the email exactly matches an email already existing 'sent' email, so the system just leaves it there, tagged as 'sent'.

You need to find out where the email account credentials (email/pass/domain/etc) are stored and verify they contain the current/correct information, for both imap and smtp entries.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...