11

My parents just received an email from Gmail:

From: Gmail Team [mailto:mail-noreply@google.com]

Sent: 14 September 2014 04:25 PM

To: MyParents@gmail.com MyParents@gmail.com

Subject: Your Gmail address, MyParents51@gmail.com, has been created

Welcome to Gmail! You can login to your account at http://mail.google.com/.

Here are a couple of tips to help you get started:

Use Gmail's import tools to move mail and contacts from your other email accounts to your new Gmail address. Download the mobile app for Android or iPhone and iPad to stay connected on the go. Should you ever encounter problems with your account or forget your password we will contact you at this address.

Enjoy!

The Gmail Team

This looks like a bona fide email from Gmail in response to a new, duplicate email that looks just like my parents' email address - except for the "51" on the end.

Clearly someone is up to no good here - but what is the threat? Has anyone seen this pattern before?

Some more background here: about a year ago my their Gmail account password was stolen and an attempt was made (thankfully thwarted) to get their bank manager to transfer all their funds into some unknown account. I since got them to change their password to something more secure, though I admittedly did not exclude the possibility of a keylogger on their computer. Could the two incidents be connected?

Shaul Behr
  • 1,027
  • 1
  • 9
  • 16
  • 5
    To my eye, it's not immediately apparent that this *is* a threat. It could simply be that someone has tried to create the same Gmail address, found it already taken and added a '51' to the end to distinguish it. As for why your parents got an email about it, it would seem whoever set up the new account has made your parents the recovery address. This could be done by accident. – Chris Murray Sep 15 '14 at 08:59
  • @ChrisMurray, this did occur to me as a possibility, too. Thanks. – Shaul Behr Sep 15 '14 at 09:03
  • @QuestionOverflow, yes I was also thinking the same mischievous thoughts :) But maybe as Chris says it was done by accident, in which case I'll lose them their new email account forever. I could email them to ask who they are... though maybe that will lose the element of surprise if they are up to no good... what do you think? – Shaul Behr Sep 15 '14 at 09:05
  • What Chris pointed out could also be true though I find it quite unlikely unless someone is using it as a disposable email address and did not pay _any_ attention when signing up. It could also be a phishing attempt to trick your parents into linking up the two accounts. It is really hard to know the intention until something happens. Ignore my earlier comment, it is meant as a joke. – Question Overflow Sep 15 '14 at 09:31
  • You know I would have thought this was just a coincidence as well, except the same thing happened to me on Sept 5th, 2014. I made sure to click the link provided in the email to disconnect the account from my account. After confirming where the message came from of course. – RoraΖ Sep 15 '14 at 11:18
  • The OP should make the full SMTP headers available. Go into the email, and then "show original" from the message's drop-down. – rook Sep 15 '14 at 18:47
  • @Rook, it is a genuine mail from Google/Gmail. And all the links in the mail are hyperlinked to where they say they are hyperlinked to. – Shaul Behr Sep 15 '14 at 19:29
  • @Shaul oah ok, well then I'm not interested unless I can see the technical details. – rook Sep 15 '14 at 19:49

1 Answers1

11

There are three possibilities that I see:

  • honest mistake. John Q. Samenameasyourparents set up an account, came up with your parents' name, was warned by Google and suggested "...51" as an alternative, blindly clicked "Yes, yes" without reading, re-entered your parents' account as backup address (never do that), and thus created an "orphan" account he will never be able to access.

  • the above is what someone wants you(r parents) to believe. The account is not orphan but is linked to another. By using it as a "backup" account or by mistakenly switching to your 'main' account, you may be giving unknown third parties access to some information. Of course this has a very low chance of happening (one in ten?), but a phisher might think that by creating one thousand such accounts, he may be gaining itself one hundred fat, unsuspecting marks. The attempt against your parents' account having come somewhat close to succeeding might have prompted someone to file them under "potential victims for a new scheme".

  • someone has attempted to create a fake account to pose as your parents. This can be used in connection to (b) above: should someone reply to that account, once set up, he would really get in contact with your parents. This would indicate that the unknown someone has also available a list of some of your parents' contact. I've seen a similar scheme in which several friends of mine (from a mailing list) would receive a heartbreaking email from lserni@gmailll.com in which "I", having been robbed in some faraway country and having no wallet, no documents and no cellphone (so don't call me to verify!), am now in dire need of a trusted friend to wire me some money c/o a money transfer parlor in Upper Nowherestan. The email was quite beautifully crafted too.

In all these cases I'd simply forward everything to Google. They can check what happened (i.e. were other accounts created? Did MaryAndJohn@gmail.com follow the unsuccessful creation of JohnAndMary@gmail.com? Were several similar accounts created from the same subnet in the same time interval?... and so on) and take appropriate measures.

LSerni
  • 22,521
  • 4
  • 51
  • 60
  • 5
    I don't know why they don't verify the backup accounts are genuine by sending a link. I keep getting emails regarding a password reset on a Hotmail account I don't own. It appears to be a genuine attempt to gain access to it as rather than anything malicious - if Microsoft had verified that my address was the correct address when it was specified as the recovery address by sending me an email, the user would now have managed to recover their account. – SilverlightFox Sep 17 '14 at 09:51
  • 1
    The last bit is the best -let google handle it as they are far better equipped to do so. – Matthew Peters Jul 13 '15 at 03:09