Someone recently tried to use an application to sign in to your Google Account

reply to post by SyntheticPerception


I received the same notice from Google about 3 or 4 months ago, mine was an actual person who tried to access my gmail account from China. Google recommended I change my password, which I did, and no more problems since then. I can't speak to any agenda as it could be a number of things, many I would not even dream of, so no point in guessing. Google has the best security of any browser out there. I feel secure with them.

reply to post by Iamschist


Thanks for the information, nice to know you experienced too and it was a legit warning.

I got the same e-mail today and mine was indeed from Google. I Googled this e-mail to find info on other's experiences with this issue and this was one of the first results. After reading this thread I thought I'd provide some tips as to what to do since this was one of the first results in case this happens to someone else.

1) If you're reading the e-mail you're likely in your G Mail account already so you can goto the bottom right of the page and click on the activity details link. If you see activity in a red row the e-mail is likely legit and there is a possible threat to your account. The activity details opens in a new window so you may have to disable pop up blockers to view it, but don't forget to re-enable them.

2) Run a virus scan, a full scan is preferred but a quick scan should catch anything that is currently running. This will make sure your system isn't compromised, which if it were it wouldn't matter if you changed your password as they'd likely have your new one as well until you got your computer malware free. In my case I was not infected, but you should always do this in situations like this to be safe.

3) In my case the info in the e-mail from Google was;

Tuesday, January 15, 2013 9:01:57 AM UTC
IP Address: 119.247.22.124 (119247022124.ctinets.com.)
Location: Hong Kong

So I went to my firewall and added the IP address to a black list (in Windows Firewall create inbound and outbound rules in the advanced settings to block connections) to prevent my PC from sending or receiving info the IP address. I did this for two reasons, I don't know this IP so I have no need for my PC to talk to it and there's always the chance you're infected with an unknown piece of malware so I prefer to just block that IP from my PC altogether.

4) Goto the top right and click on your name or profile picture than click on Account. On the Account screen click on Security and change your password AND security question. While here double check your recovery phone number as well as the recovery e-mail to ensure they have the correct info. The shift key being a "ghost key" isn't really correct, most key logging software can record it's use as something like Shift-Hold/Shift-Release. But using upper and lower case letters as well as numbers and if allowed special characters (ex. # or $) and making your password atleast 8 characters long makes your password ALOT harder to crack.

This should help secure your account and hopefully you won't get messages like that any more. FYI even if it appears to be a legit e-mail you should never click links in e-mails like these, not only is there a chance that the page you goto is a phishing page that wants you to log in on that page and they steal your log in info at that time using the fake log on page, but it's also possible using vulnerabilities in things like Java, Adobe Flash, Adobe Acrobat Reader, Microsoft Silverlight, ect... a malicious page can cause a piece of malware to infect a computer just by visiting a page with no farther user interaction. Up to date OS with patches, up to date software, and an up to date antivirus program that actively watches over your computer will reduce the risk of this happening however.