Compromised email password ? . Please help if you know anything about computer scams or hacking

[magpens]

I use Yahoo for emails.
Today I got an email from Google to say that they have learned that someone other than me knows the password for my email account.
They want me to log off, then log on again and change my password. . Admittedly, it is high time that I changed my password even without this "incident" today.

..... IF it is indeed an "incident"

I don't know anything about computer security, hacking, or scams.

But I am suspicious about the message I received, even though it has the appearance of being genuinely from Google (including an address for Google).

Would love to hear from anybody (and everybody) who might have some knowledge about these things, please.

First off, do you know if Yahoo is owned by Google ? . That was the first question that came into my mind. . Thanks in advance.
The second question was ... How would Google "KNOW" that my password has definitely been compromised ?
That's not the sort of thing that a hacker would disclose.

I should perhaps also say that I have no reason to be suspicions that my password has been hacked by anybody.
Sure, I do get some messages that are obviously SPAM but I recognize (most of) them and don't even open them. . I am sure this happens to everybody.
But nothing obviously malicious has occurred so far.

 

[duncsuss]

1. Do not click on anything (links, attachments, images) in the email.

2. Forward the email to "abuse@google.com" asking them to verify if it is genuinely from them.

3. No, Google does not own Yahoo.

4. Google might know that your Yahoo account was breached (if, for example, they find a treasure trove of email addresses and passwords in a file on a site known to be used by hackers.)

 

[TonyL]

I get the same every few days. About two months ago, I started using Bravo, DuckDuckGo and browsing incognito while using YouTube. Probably, not helping much, but like locks on doors, I still use them.

 

[TDahl]

I second using DuckDuckGo.

One recommendation I would make is to use two factor authentication with any social media/internet accounts.

 

[magpens]

@TDahl

Tim, thanks for the suggestion. . I read a little bit about TFA and it seems quite straightforward but I have some questions. . Forgive my ignorance.

Is TFA something that must be "offered" (perhaps as an option) by the email service provider, or is it an "add-on" that I must seek out and install.

Is TFA something you can elect to implement when you create a new account with ANY email provider ? . If so, how, please ?

My email account was originally established about 30 years ago. . Can I get TFA added at this time ? . Again, if so, how, please ?

 

[randyrls]

Mal; Duncan has good advice; Go to your web browser and bring up Google and change your password. DO NOT click on anything the email!
I'll offer additions; Don't use the same password on multiple web sites. If you have a lot of sites, use a password manager. Even so, write down your passwords on paper or on a flash drive (copy and paste). There is one built into both Chrome and Firefox. LastPass (Password manager) can be used with other browsers. PM me if you want and we can get together on Zoom.

 

[monophoto]

I always assume that e-mails claiming that access to an account has been compromised and instructing me to do something are 'phishing' or some other fraudulent activity. After determining the general nature of the e-mail, I delete it without wasting any additional time reading it,.

And never click on a link in an e-mail unless you actually know the sender and you can tell from the message that it really did originate with the person identified as the sender. Randomly clicking on links in fraudulent e-mails is a great way to infect your computer with malware.

 

[TellicoTurning]

I haven't gotten an email yet, but I often receive a recorded phone call from Google saying my business account needs to be update, call this 800 number, etc (I don't have a business on Google).... also have had calls from Microsoft saying my account has been compromised... I don't think Google, Microsoft or any of the other big tech companies have drilled down to the individual level of contact to let us know about "problems".... I also get calls from "Medicare" that wants me to call back to some 800 number as they are there to "help me".... The scammers and phishermen are working hard this year.

 

[magpens]

Thanks, guys !

The general reaction seems to be that the email prompting this thread is, most likely, a phishing email, even tho' it looks genuine from Google.
That was my reaction also.
I did not click on anything in the email because my gut feeling told me not to, just as you folks have advised.
Nor have I changed my password yet.
Seems I should do that, however.
Also, seems that I should do some research on :- .... Password Manager; .... Two Factor Authentication; .... possibly other precautionary measures.

Oh, the "joys" of modern life !!

All this when all I really want to do is make pens for the fun of it !!! . And communicate with my friends who want to do the same .
And share that enjoyment with each other and whoever else wants to participate or tag along !

Thanks again, guys !

Any other suggestions, comments, or experiences to share ? . Would love to hear, please !

 

[chartle]

First without Googling it I think Yahoo (ok I lied I double checked) is owned by Verizon. But if you ever have a password issue never click the embedded link. Go directly to the site.

On a side note Google is telling me 12 of my many passwords have been compromised but not sure how to tell which ones. I think they scour the deep web looking for your info.*

And I was fooled for a bit by a an email from my boss asking if I was in my office and could I do him a favor.

Oddly I just left him and the email kind of made sense because I do things for him all the time and his friends in my print shop. So I responded but them it got weird and he wanted me to buy him some gift cards to send out as gifts. That's when I figured it out and sent it off to our TS spam email.

* Ok I figured it out and its all for old accounts and ones for my now very adult kids that are somehow attached to my account. Oddly Yahoo is one of them, haven't logged in for years, and maybe the reason for your email.

 

[magpens]

@chartle

Thanks for your reply, Cliff.

It is not that my Yahoo email account has been unused for a long time. . I first opened the email account some 25 - 30 years ago.
And I have used the account almost every day since then for all sorts of purposes including email and log-in ID for other accounts (eg. Facebook, pen supply vendor accounts, etc. )

It is comforting ( is it really ? ) to know that you have received notifications from Google that YOUR passwords have been compromised also !

I think everybody needs at least a Baccalaureate in internet security !!! . Oh well, I guess I will disable the "worry circuit" for now !

 

[TDahl]

@TDahl

Tim, thanks for the suggestion. . I read a little bit about TFA and it seems quite straightforward but I have some questions. . Forgive my ignorance.

Is TFA something that must be "offered" (perhaps as an option) by the email service provider, or is it an "add-on" that I must seek out and install.

Is TFA something you can elect to implement when you create a new account with ANY email provider ? . If so, how, please ?

My email account was originally established about 30 years ago. . Can I get TFA added at this time ? . Again, if so, how, please ?

Hi Mal,

Sorry for the delay. I have not logged in during the past couple days.

Every internet service provider should have TFA as an option for new and existing accounts. You can usually access this option through the settings (look to the little gear shaped symbol.) For Gmail settings login to your account through the Google search engine (i.e. Chrome). Once you are in your account click on the settings symbol and go through the following path:

Accounts and Imports --> Other Google Settings --> Signing in with Google (you will have to scroll down to this option.

The third option under "Signing in with Google" will be Two-Factor Authentication. Click the button to turn it on and it will walk you through the process. Make sure to have your phone near by as Google will send you an one-time code via a text message to complete the process. You will have to enter the code to complete the process.

Hope this helps.

Tim

 

[magpens]

@TDahl

Thanks, Tim. I will do that.

But I do not have a cell phone of any kind.
So can the one-time code be sent by email to another email provider ?

i.e. If I follow the above procedure on Google/Chrome/Gmail, can I have the one-time code sent to my Yahoo email account ?

Thanks,

 

[TDahl]

@TDahl

Thanks, Tim. I will do that.

But I do not have a cell phone of any kind.
So can the one-time code be sent by email to another email provider ?

i.e. If I follow the above procedure on Google/Chrome/Gmail, can I have the one-time code sent to my Yahoo email account ?

Thanks,

I believe the only other option is an actual phone call. You can probably use your landline number. It's obviously not as convenient but it will work.

 

[magpens]

@TDahl

Thank you for the above replies !!!

 

[TDahl]

@TDahl

Thank you for the above replies !!!

One thing to point out is when ever you login to you account, Google is going to call your home phone with a verification. So if you are not logging in from home you won't get in. But you account will be very secure.

 

[magpens]

@TDahl

Thank you for pointing that out. .