Google - "Someone has your password" email

Started by zpyder, December 27, 2016, 10:06:50 AM


zpyder

I've had a few of these emails over the last 6 weeks or so:

Quote:
Someone has your password
Hi,
Someone just used your password to try to sign in to your Google Account.
Details:
Tuesday, December 27, 2016 7:04 AM (Gulf Standard Time)
Dubai - United Arab Emirates*
Google stopped this sign-in attempt, but you should review your recently used devices:

They seem to be legit, the account it comes from looks like a Google account, the link they send appears to go to an accounts settings page, but it asks for sign in details, so instead I've gone the direct way through a normal browser window instead of a link in a potentially dodgy email.

Looking these up on the internet I see a lot of threads where people have received them and gone into their accounts pages and seen either dodgy activity or something like a Raspberry Pi triggering the emails.

Here's the rub though, when I log in and review my devices, there's nothing out of the ordinary. I just see my computer and phone. No other devices I don't recognise, and there's no security alerts anywhere close to when this sign in/email is date stamped.

So here's the question, is this a real threat, or is it a much more sophisticated phishing scam? (I say that as for once there's no typos in the email!)

knighty

looks fake to me :-o

where does the included link send you?

zpyder

I cut it out in case it was genuine and had account specific details in the url.

https://accounts.google.com/AccountChooser?Email=myemailgoeshere&continue=https://security.google.com/settings/security/activity?rfn%3D5%26rfnc%3D1%26et%3D0%26asae%3D2%26anexp%3Dire-control

I've replaced my email with myemailgoeshere but otherwise that's the link.

To me it looks like it should go to google, unless the garbled bit at the end is masking a different domain harvesting data?

knighty

that takes you to google

I'd just change my password and forget about it

chances are if they're emailing out like that, somewhere you use the same password has been compromised and they've caught onto it before anything much happened
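
The check the replies above do by eye, written out as an added example (not part of the original thread): parse the link the way a browser does and list every host it can lead to, including the one percent-encoded inside `continue`. The allowlist, the redirect parameter names and the `.example` lookalike are assumptions constructed for illustration.

```javascript
// Added example. TRUSTED_HOSTS and REDIRECT_PARAMS are assumptions for
// illustration, not an official Google list.
const TRUSTED_HOSTS = new Set(["accounts.google.com", "security.google.com"]);
const REDIRECT_PARAMS = ["continue", "next", "redirect", "url"];

// Returns every host the link can send the browser to, plus any findings.
function inspectLink(link, base, depth = 0) {
  const result = { hosts: [], findings: [] };
  let url;
  try {
    url = new URL(link, base); // WHATWG parser, the same rules browsers apply
  } catch {
    result.findings.push(`unparseable URL: ${link}`);
    return result;
  }
  result.hosts.push(url.hostname);
  if (url.protocol !== "https:") result.findings.push(`not https: ${url.protocol}`);
  // In "https://name@host/" the part before "@" is userinfo, not the host.
  if (url.username || url.password) result.findings.push("userinfo before host");
  if (!TRUSTED_HOSTS.has(url.hostname)) result.findings.push(`untrusted host: ${url.hostname}`);
  // searchParams.get() percent-decodes once, exposing the nested target.
  for (const name of REDIRECT_PARAMS) {
    const target = url.searchParams.get(name);
    if (!target) continue;
    if (depth >= 3) {
      result.findings.push("redirect nesting too deep");
      continue;
    }
    const nested = inspectLink(target, url.href, depth + 1);
    result.hosts.push(...nested.hosts);
    result.findings.push(...nested.findings);
  }
  return result;
}

const isTrusted = (link) => inspectLink(link).findings.length === 0;

// The link from the thread, with the poster's own placeholder e-mail.
const THREAD_LINK =
  "https://accounts.google.com/AccountChooser?Email=myemailgoeshere&continue=https://security.google.com/settings/security/activity?rfn%3D5%26rfnc%3D1%26et%3D0%26asae%3D2%26anexp%3Dire-control";
// Constructed lookalike: the trusted name is only a subdomain label here.
const LOOKALIKE = "https://accounts.google.com.signin.example/AccountChooser";

console.log(inspectLink(THREAD_LINK));
console.log(inspectLink(LOOKALIKE));
```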

Eggtastico

I used to get these so changed my password just to be safe each time, but not by using the link in the email - last one was 2014
I also have 2-step verification enabled.

Clock'd 0Ne

The link is legit, safest course of action is to change any accounts anywhere using that particular password.

zpyder

Yeah.

The worrying thing is the first time I got this email, I changed the password. This is the second time I've had the email, and it's happened about 10 days after changing the password to something entirely original.

I know that my email address is on a list of addresses that have been compromised by various hacks using https://haveibeenpwned.com/

I guess I should invest in some kind of password managing system as I've been bad and used the same password for a number of things, or variations of.

Eggtastico

Quote from: zpyder on December 28, 2016, 19:16:44 PM
Yeah.

The worrying thing is the first time I got this email, I changed the password. This is the second time I've had the email, and it's happened about 10 days after changing the password to something entirely original.

I know that my email address is on a list of addresses that have been compromised by various hacks using https://haveibeenpwned.com/

I guess I should invest in some kind of password managing system as I've been bad and used the same password for a number of things, or variations of.

Check the 'recovery' email addresses - make sure there is not a way they can recover your password.


In the "Change account settings" section, click Change password recovery options. You might need to type in your password. Click Add a recovery email address/a mobile phone number. If you already have these options, you'll see a link to edit them.


Safest way is to turn on 2 step verification as well.



 


Walrusbonzo


zpyder

Presumably the reason why no other devices are listed on the "device access history" bit is because Google stopped the access?

I've enabled two-step verification.