In order to be able to help my mother, my gmail is listed as a recovery email for her Google account, mother@gmail.com (not her actual address).
Today I received a "Security alert for your linked Google Account" which notified me that someone requested recovery of her account. I first checked with her over the phone whether she might have forgotten her password, but she assured me she hasn't accessed or tried to access that account in some time.
The email said that if we didn't request account recovery, we should follow a link.
I did so, as the email looked legit: sent from no-reply@accounts.google.com, mailed by gaia.bounces.google.com, and signed by accounts.google.com.
The link led me to accounts.google.com with a green padlock marked in Firefox.
The link gave me options to cancel the account recovery process or letting it to proceed. However, the account to which this recovery was supposed to pertain was, confusingly, my father's email, which is not even a gmail address, father@localDomain. That is, on the top of the page it said that the recovery of account father@localDomain has been requested.
I marked the option to "Stop the account recovery" and very briefly mentioned this problem in a text box that was provided. I only got a confirmation after this and was not prompted to do anything else.
To add to my confusion, once I later checked to see if father@localDomain was also set as a recovery email for mother@gmail.com, I could find no connection between these two accounts.
If this was a very clever phishing attempt which somehow related my parents' email addresses, I don't know how it could have worked since at no point I was prompted to input any password or other personal data. I also tried hard to identify any telltale signs of phishing. Did I miss something?
If not, what happened?
