Someone is using my gmail to set up new accounts

Someone is trying to set up new accounts with my gmail address. I just got three confirmation emails, so I’ve taken care of those, but I don’t know if it’s been used anywhere else. How can I keep my email account secure? And what is really happening here? Are they trying to steal my email address?

Thanks!

You could change your Google password to be very safe, but it’s probably just someone who doesn’t know their email address.

That was my first thought, too. I do that. I have an email like Nameoftheemail01, and on a regular basis, I forget the “01” at the end when I register somewhere and presumably whoever uses “Nameoftheemail” must receive the corresponding messages.

you could also enable 2 factor authenticationto make your account more secure.

For certain definitions of secure. Maybe just change up your password regularly for a while to make your email address less palatable if someone’s being nefarious.

You may have a doppelganger. I have a gmail address that goes “word1.word2@gmail.com”. I get email for “word1word2@gmail.com”. Look at the details on the header.

Best advice. Enable MFA on every account you can: Google, Amazon, your banks/creditcard/retirement, etc. More are starting to do it be default, but you can speed it up on your own.

FYI: You have a lot of possible email variations that work: w.ord1word2, wo.rd1word2, w.o.r.d.1.w.o.r.d.2@gmail.com, etc.

This has been happening to me for a while now. Supposedly, though, the other person can’t sign up for the “word1word2@gmail.com” address so they never actually can see the mail. So why are they putting that address down as theirs?

Google ignores periods in gmail addresses. The only one that matters is the one in .com

Just because someone is using your email address doesn’t mean your email account is compromised in any way. Your email address is not a secret.

What do you mean you have “taken care of those” confirmation emails? I would use the information to log into the site, change the password (most likely a reset message will be sent to your email address) and find out the other registration information on the account (name, phone). I would only do this for known trusted sites, otherwise it could be some sort of phishing attack.

The possibilities I can think of are:

  1. As others have suggested, someone is mistakenly typing your email address instead of their own.
  2. Someone is trying to use your email address to set up accounts in the belief or hope that they won’t have to actually access the email account and respond to a confirmation email in order to have a working account. (They might have seen your email address somewhere, or they might have just hit upon it when randomly trying to guess a valid email address.)
  3. Someone who knows your email address is trying to mess with you by signing up for accounts in your “name.”
  4. Someone has somehow gained access to your email account and is using it to set up accounts.
    On preview, CookingWithGas’s suggestion: 5. These aren’t really “confirmation emails” but rather phishing attempts: fake emails that don’t really come from who they say they come from.

Unless it’s #4 (which wouldn’t be the first conclusion I’d jump to, without any additional evidence), there’s nothing insecure about your email account.

I use an Authenticator app instead of a phone number.

Yes, the Google or LastPass Authenticator apps are great things!

I have about three dozen of these gmail alter egos, and counting. This shit happens to me all the time.

From the link:

This article isn’t saying that two-factor is not secure somehow. It’s just saying that when you set up two-factor for your Facebook account, they would ask you for your phone number (and apparently they don’t require it anymore), and then Facebook being Facebook, apparently used that number for data mining/ad purposes. It has nothing to do with the security of two-factor itself, let alone two-factor on your gmail account, which is what the comment you’re replying to is referring to.

My aol email in my real name has the same <1st init><last name> @ aol. I get quite a few daily guesses at my first name.