What's the angle/risk - someone set my email as recovery or did they?

[Supermofo]

So had an email I'd missed to my hotmail on the 8th May. It was in Spanish and appeared to be from google saying someone was trying to link my hotmail to their gmail account as the recovery address, it had a 6 digit code as they do and said if this wasn't you then ignore it. This was followed by a second email saying my hotmal was now the recovery address for this gmail account. There was a button to disassociate my hotmail from this account but I don't fancy clicking it in case. However the email does seem to be from gmail and when I hover over the senders addess it comes up with linked emails I have sent to google.

Checking my MS account I can see that from the 10th May there have been several attempts to sign into my hotmail from Iran, Germany, US, Philippines etc. and a check on have I been pwnd says my hotmail address was involved in a hack. But it doesn't appear that they have successfully logged into my hotmail, I think. Either way I've changed my MS account password to be sure.

In the meantime I was checking my google account to make sure that was all good and noticed that whilst the recovery email was set to my hotmail account it was saying it hadn't been verified in a while. So I did that and I got the exact same emails as the ones above in Spanish. Both the code one (which I entered) and the success one.

So, has my hotmail been used as a recovery for some random email and how did they do it? Should I click the link? My gut feel is don't click nothing and do what I've done which is change my passwords and leave it. But I'm just trying to work out did they link to my hotmail or is that just a rouse and the link is just pure phishing.

[Yorick]

Never click on a link in an email.

[Rockburner]

So had an email I'd missed to my hotmail on the 8th May. It was in Spanish and appeared to be from google saying someone was trying to link my hotmail to their gmail account as the recovery address, it had a 6 digit code as they do and said if this wasn't you then ignore it. This was followed by a second email saying my hotmal was now the recovery address for this gmail account. There was a button to disassociate my hotmail from this account but I don't fancy clicking it in case. However the email does seem to be from gmail and when I hover over the senders addess it comes up with linked emails I have sent to google.

Checking my MS account I can see that from the 10th May there have been several attempts to sign into my hotmail from Iran, Germany, US, Philippines etc. and a check on have I been pwnd says my hotmail address was involved in a hack. But it doesn't appear that they have successfully logged into my hotmail, I think. Either way I've changed my MS account password to be sure.

In the meantime I was checking my google account to make sure that was all good and noticed that whilst the recovery email was set to my hotmail account it was saying it hadn't been verified in a while. So I did that and I got the exact same emails as the ones above in Spanish. Both the code one (which I entered) and the success one.

So, has my hotmail been used as a recovery for some random email and how did they do it? Should I click the link? My gut feel is don't click nothing and do what I've done which is change my passwords and leave it. But I'm just trying to work out did they link to my hotmail or is that just a rouse and the link is just pure phishing.

In hotmail you can see the "actual" sending address and domain (not just the "to" detail) - that is more than enough to identify a spam/phishing email.


BTW - IIRC you're based in Spain?? (if not: ignore this next bit). Google may well be using your geo-location and ASSUMING that you're a Spanish speaker in their automated emails (despite you using English everywhere else). Obviously this ASSUMES that the email you're receiving in the hotmail account is genuinely from Google.

[Supermofo]

Never click on a link in an email.

No, hence why I haven't. Just odd as the sender does look like it's google.

[Supermofo]

BTW - IIRC you're based in Spain??

Not unless Hertford has moved recently!

The named Gmail account looked Spanish to me. When I looked into this via google search people can try and link to your email as a recovery by mistake. But if they can't see the 6 digit code they can't actually link it. So given I can't see any successful log in's that are clearly hack attempts I assume this is some sort of phishing.

[roadster]

In gmail you can see the detailed source code of an email using the "show original" option from the menu accessed by clicking the three vertical dots of the open email title bar. Other email clients usually have a view source option which you can use without actually opening the mail itself.

In the source code dump find the "Received: from" line then make a note of the IP address at the end of that line.
Now go to the site https://wq.apnic.net/apnic-bin/whois.pl and type in the IP address.
You will see who the sender is and in general terms where they are located.

You can also use this technique to check any embedded shortcuts in the mail body. Never rely on names always use the IP addresses. There is still a matter of judgement but this way gives you a lot more to go on.

[Mussels]

So had an email I'd missed to my hotmail on the 8th May. It was in Spanish and appeared to be from google saying someone was trying to link my hotmail to their gmail account as the recovery address, it had a 6 digit code as they do and said if this wasn't you then ignore it. This was followed by a second email saying my hotmal was now the recovery address for this gmail account. There was a button to disassociate my hotmail from this account but I don't fancy clicking it in case. However the email does seem to be from gmail and when I hover over the senders addess it comes up with linked emails I have sent to google.

Checking my MS account I can see that from the 10th May there have been several attempts to sign into my hotmail from Iran, Germany, US, Philippines etc. and a check on have I been pwnd says my hotmail address was involved in a hack. But it doesn't appear that they have successfully logged into my hotmail, I think. Either way I've changed my MS account password to be sure.

In the meantime I was checking my google account to make sure that was all good and noticed that whilst the recovery email was set to my hotmail account it was saying it hadn't been verified in a while. So I did that and I got the exact same emails as the ones above in Spanish. Both the code one (which I entered) and the success one.

So, has my hotmail been used as a recovery for some random email and how did they do it? Should I click the link? My gut feel is don't click nothing and do what I've done which is change my passwords and leave it. But I'm just trying to work out did they link to my hotmail or is that just a rouse and the link is just pure phishing.

In hotmail you can see the "actual" sending address and domain (not just the "to" detail) - that is more than enough to identify a spam/phishing email.


BTW - IIRC you're based in Spain?? (if not: ignore this next bit). Google may well be using your geo-location and ASSUMING that you're a Spanish speaker in their automated emails (despite you using English everywhere else). Obviously this ASSUMES that the email you're receiving in the hotmail account is genuinely from Google.

Never trust the sending address even if you can see it, they are easy to forge.

[Nordboy]

I do find an increasing difficulty in working out whether some emails are legit or phishing emails these days. I don't generally click on any links and am sure I've missed out on some genuine offers etc in the past.