Google’s “Someone has your password” emails still ripe for abuse

Fraud or not? Always be on guard!

I got another “Someone has your password” email today from Google’s security team. These appear to be sent due to a flaw in the way Google geolocates the IP addresses used by our T-Mobile phones and are thus false alarms. That doesn’t keep me from freaking out every time I get one, however.

What’s more, it is exactly these emails that compromised John Podesta and the Democratic National Committee’s emails during the campaign. I consider myself fairly savvy at detecting phishing emails but I have to admit that the fake email the Russians sent was good enough to have had a chance of catching me.

I emailed a friend at Google to make sure the company knew their geolocation stuff was in need of serious work. My friend replied that Google is aware that their algorithm needs work and was working on a way to receive feedback from the message recipients. It appears Google’s “New sign in from … ” emails have a feedback link at the bottom but the “Someone has your password” emails still do not.

I appreciate getting alerts when unauthorized activity is detected but I could certainly do without the false alarms.