Am I being phished? (Weird Gmail incident)

I have an email account on Outlook (a.k.a. Hotmail) which I rarely use. I mainly use it in situations where I have to provide a working email address, but I’m not comfortable giving out my “real” address. The address is “firstnamelastname@live.com” (with my real name inserted before the @ symbol).

Today I checked that account and found an email from Google, with the subject line “Your Gmail address, firstnamelastname.live@gmail.com, has been created.”

WTF?

This was a real email from Google; the headers checked out. It contained the standard welcome-to-Gmail message, with a link at the bottom to be used in case “you didn’t create this Gmail address and don’t recognise this email address.” After checking that link to make sure it was legitimate, I clicked it and was taken to another Google page asking me whether or not I created that account. I selected “No,” and got a page verifying that firstnamelastname@live.com has now been disconnected from the firstnamelastname.live@gmail.com account.

What just happened here? Apparently someone set up a Gmail account with my name, and put in my Outlook address as the backup address. I don’t know why someone would do this, if not to lure me into some kind of phishing trap. But if it was phishing, I can’t figure out how it was supposed to work.

Has anyone experienced something like this? Any ideas?

I’m guessing someone has the same email address in gmail as you, only with a middle initial, and forgot to put the initial in when creating the backup address.

I did consider that, although it’s odd that the person evidently did it twice (both in the Gmail address and the backup address). And why put in that “.live” thing after the name in the Gmail address, instead of numerals like everyone else does? It may be perfectly innocent, but it feels creepy.

perhaps they are conflating the two different types of suffixes.

  1. the suffix that is used to hope to find a unique name, johnsmith.1 ,
  2. The suffix that is the domain, @live.com

Being unfamiliar with internet things, they took the suffix from meaning 2 and used it as meaning 1.

That said, it COULD be a crafty way to get your password.

You didn’t give your live.com email to gmail did you ?

If gmail asked for you live.com , it wasn’t actually gmail … gmail would have no use for your microsoft (hotmail.com , outlook.com , live.com,etc ) password.
But yes looks like a mere innocent mistake so far.

Are you certain it was “.live” and not “-live”?

There are a lot of spammer/malware people out there creating accounts for people all over the place. A lot. Mail sites, business, dating, etc.

There are hoping for something to go wrong somewhere and then exploit it. One common technique is create an account for some idjit. The idjit decides to keep it. At some later date the scammer sends a legit looking phishing email supposedly from the site, you click on it, blam. Or they might be a hole in a chain of links somewhere they hope to exploit, etc. (Some accounts work across various web sites. Gmail might be secure but when linked to a flickr account, which used to be doable, there might be a hole on flickr.)

The worst are sites that don’t do email verification: they just create the account with a password only the scammer knows. They continue to use it to post crap in your name. And you have to go thru a lot of hassles to close it. If you’re lucky.

AT&T allowed some jerk to link several accounts to my Yahoo! email address without verification. I cannot unlink them. No way to do it online without knowing the account number or password. No help trying to do it over the phone. Great sign of tech company skills there, AT&T.

Nope, Gmail doesn’t know that address exists. Or didn’t, until someone (innocently or not) put it in as a backup address.

It’s “.live” – although I would have found it no less odd and suspicious if it had been “-live”.

I have a (not all that common) first name only gmail address. I am frequently (~ 2-3 times a week) getting people trying to link their account to mine, or simply just signing up for services and using it as the referrant. One person in particular in South Africa uses it a lot.

I think you’ve nailed this. It looks like someone is harvesting email addresses, then creating Gmail addresses out of them in the hopes that people will log into them (via password reset) and use them.

The scammer could have put in a filter that would send them a copy of every email sent or received. I suspect a lot of people don’t use the Gmail filters feature, and might never notice.

I forgot to mention a variation of this: scammers trying to link other email addresses to an account. So, for example, a password reset gets sent to both yours and theirs and voilà, big problem. Yahoo! and social media accounts are a frequent target of this.

Combining the two scams: set up a gmail address linked to your account and one controlled by the scammer. The dupe starts using the account, the scammer can get forwarded emails, etc.