What's the angle/risk - someone set my email as recovery or did they?

Supermofo
Posts: 4998
Joined: Mon Mar 16, 2020 3:39 pm
Has thanked: 4359 times
Been thanked: 2850 times

What's the angle/risk - someone set my email as recovery or did they?

Post by Supermofo »

So had an email I'd missed to my hotmail on the 8th May. It was in Spanish and appeared to be from google saying someone was trying to link my hotmail to their gmail account as the recovery address, it had a 6 digit code as they do and said if this wasn't you then ignore it. This was followed by a second email saying my hotmal was now the recovery address for this gmail account. There was a button to disassociate my hotmail from this account but I don't fancy clicking it in case. However the email does seem to be from gmail and when I hover over the senders addess it comes up with linked emails I have sent to google.

Checking my MS account I can see that from the 10th May there have been several attempts to sign into my hotmail from Iran, Germany, US, Philippines etc. and a check on have I been pwnd says my hotmail address was involved in a hack. But it doesn't appear that they have successfully logged into my hotmail, I think. Either way I've changed my MS account password to be sure.

In the meantime I was checking my google account to make sure that was all good and noticed that whilst the recovery email was set to my hotmail account it was saying it hadn't been verified in a while. So I did that and I got the exact same emails as the ones above in Spanish. Both the code one (which I entered) and the success one.

So, has my hotmail been used as a recovery for some random email and how did they do it? Should I click the link? My gut feel is don't click nothing and do what I've done which is change my passwords and leave it. But I'm just trying to work out did they link to my hotmail or is that just a rouse and the link is just pure phishing.
User avatar
Yorick
Posts: 16735
Joined: Sat Mar 14, 2020 8:20 pm
Location: Paradise
Has thanked: 10261 times
Been thanked: 6885 times

Re: What's the angle/risk - someone set my email as recovery or did they?

Post by Yorick »

Never click on a link in an email.
User avatar
Rockburner
Posts: 4371
Joined: Sun Mar 15, 2020 11:06 am
Location: Hiding in your blind spot
Has thanked: 7810 times
Been thanked: 2526 times

Re: What's the angle/risk - someone set my email as recovery or did they?

Post by Rockburner »

Supermofo wrote: Thu May 23, 2024 11:45 am So had an email I'd missed to my hotmail on the 8th May. It was in Spanish and appeared to be from google saying someone was trying to link my hotmail to their gmail account as the recovery address, it had a 6 digit code as they do and said if this wasn't you then ignore it. This was followed by a second email saying my hotmal was now the recovery address for this gmail account. There was a button to disassociate my hotmail from this account but I don't fancy clicking it in case. However the email does seem to be from gmail and when I hover over the senders addess it comes up with linked emails I have sent to google.

Checking my MS account I can see that from the 10th May there have been several attempts to sign into my hotmail from Iran, Germany, US, Philippines etc. and a check on have I been pwnd says my hotmail address was involved in a hack. But it doesn't appear that they have successfully logged into my hotmail, I think. Either way I've changed my MS account password to be sure.

In the meantime I was checking my google account to make sure that was all good and noticed that whilst the recovery email was set to my hotmail account it was saying it hadn't been verified in a while. So I did that and I got the exact same emails as the ones above in Spanish. Both the code one (which I entered) and the success one.

So, has my hotmail been used as a recovery for some random email and how did they do it? Should I click the link? My gut feel is don't click nothing and do what I've done which is change my passwords and leave it. But I'm just trying to work out did they link to my hotmail or is that just a rouse and the link is just pure phishing.
In hotmail you can see the "actual" sending address and domain (not just the "to" detail) - that is more than enough to identify a spam/phishing email.


BTW - IIRC you're based in Spain?? (if not: ignore this next bit). Google may well be using your geo-location and ASSUMING that you're a Spanish speaker in their automated emails (despite you using English everywhere else). Obviously this ASSUMES that the email you're receiving in the hotmail account is genuinely from Google.
non quod, sed quomodo
Supermofo
Posts: 4998
Joined: Mon Mar 16, 2020 3:39 pm
Has thanked: 4359 times
Been thanked: 2850 times

Re: What's the angle/risk - someone set my email as recovery or did they?

Post by Supermofo »

Yorick wrote: Thu May 23, 2024 12:15 pm Never click on a link in an email.
No, hence why I haven't. Just odd as the sender does look like it's google.
Supermofo
Posts: 4998
Joined: Mon Mar 16, 2020 3:39 pm
Has thanked: 4359 times
Been thanked: 2850 times

Re: What's the angle/risk - someone set my email as recovery or did they?

Post by Supermofo »

Rockburner wrote: Thu May 23, 2024 12:22 pm BTW - IIRC you're based in Spain??
Not unless Hertford has moved recently!

The named Gmail account looked Spanish to me. When I looked into this via google search people can try and link to your email as a recovery by mistake. But if they can't see the 6 digit code they can't actually link it. So given I can't see any successful log in's that are clearly hack attempts I assume this is some sort of phishing.
roadster
Posts: 162
Joined: Sun Mar 05, 2023 9:05 am
Has thanked: 15 times
Been thanked: 147 times

Re: What's the angle/risk - someone set my email as recovery or did they?

Post by roadster »

In gmail you can see the detailed source code of an email using the "show original" option from the menu accessed by clicking the three vertical dots of the open email title bar. Other email clients usually have a view source option which you can use without actually opening the mail itself.

In the source code dump find the "Received: from" line then make a note of the IP address at the end of that line.
Now go to the site https://wq.apnic.net/apnic-bin/whois.pl and type in the IP address.
You will see who the sender is and in general terms where they are located.

You can also use this technique to check any embedded shortcuts in the mail body. Never rely on names always use the IP addresses. There is still a matter of judgement but this way gives you a lot more to go on.
Mussels
Posts: 4435
Joined: Mon Mar 16, 2020 9:02 pm
Has thanked: 833 times
Been thanked: 1237 times

Re: What's the angle/risk - someone set my email as recovery or did they?

Post by Mussels »

Rockburner wrote: Thu May 23, 2024 12:22 pm
Supermofo wrote: Thu May 23, 2024 11:45 am So had an email I'd missed to my hotmail on the 8th May. It was in Spanish and appeared to be from google saying someone was trying to link my hotmail to their gmail account as the recovery address, it had a 6 digit code as they do and said if this wasn't you then ignore it. This was followed by a second email saying my hotmal was now the recovery address for this gmail account. There was a button to disassociate my hotmail from this account but I don't fancy clicking it in case. However the email does seem to be from gmail and when I hover over the senders addess it comes up with linked emails I have sent to google.

Checking my MS account I can see that from the 10th May there have been several attempts to sign into my hotmail from Iran, Germany, US, Philippines etc. and a check on have I been pwnd says my hotmail address was involved in a hack. But it doesn't appear that they have successfully logged into my hotmail, I think. Either way I've changed my MS account password to be sure.

In the meantime I was checking my google account to make sure that was all good and noticed that whilst the recovery email was set to my hotmail account it was saying it hadn't been verified in a while. So I did that and I got the exact same emails as the ones above in Spanish. Both the code one (which I entered) and the success one.

So, has my hotmail been used as a recovery for some random email and how did they do it? Should I click the link? My gut feel is don't click nothing and do what I've done which is change my passwords and leave it. But I'm just trying to work out did they link to my hotmail or is that just a rouse and the link is just pure phishing.
In hotmail you can see the "actual" sending address and domain (not just the "to" detail) - that is more than enough to identify a spam/phishing email.


BTW - IIRC you're based in Spain?? (if not: ignore this next bit). Google may well be using your geo-location and ASSUMING that you're a Spanish speaker in their automated emails (despite you using English everywhere else). Obviously this ASSUMES that the email you're receiving in the hotmail account is genuinely from Google.
Never trust the sending address even if you can see it, they are easy to forge.
Nordboy
Posts: 808
Joined: Mon Mar 16, 2020 4:04 pm
Location: S. Wales
Has thanked: 299 times
Been thanked: 565 times

Re: What's the angle/risk - someone set my email as recovery or did they?

Post by Nordboy »

I do find an increasing difficulty in working out whether some emails are legit or phishing emails these days. I don't generally click on any links and am sure I've missed out on some genuine offers etc in the past.