Google critical security alert emails are received by users when there is some suspicious or unwanted activity occurring in their accounts.
It could be that someone was trying to log in to your account, or an unusual number of emails were sent at once. You can also receive this email when you log in to Gmail on a new device.
Now, scammers can create the same email and send it to you. The email will ask you to take some action because your account is in trouble. Once you click on that link and enter your login credentials, your account will be hacked.
Therefore, knowing the difference between a real and fake security alert email is essential.
First, I will explain the parameters you need to check for differentiation. Second, I will tell you how to determine if the email is from Google or a scammer. Lastly, there is a section for those who have fallen for the scam and the steps they can take now.
How can one differentiate between a real and fake security alert email?
There are four details to check in order to determine whether the email is real or not. If these elements look suspicious, the email is likely to be fake.
1. Check the Sender’s Email Address
The email you will receive from Google will have the following email address:
If that’s not the case, then it could very well be a scammer who sent you the email.
The job doesn’t end here. The scammers can do email spoofing and make themselves appear as if the email was indeed sent from Google. This is a common practice in phishing attacks and makes it difficult to spot a fake email.
Therefore, you must also go through the remaining steps to be fully satisfied that the Google critical security alert email is genuine.
2. Check The Email Header
The headers of any email contain the Mailed-by and Signed-by addresses. When you receive a security email, check if both of them lead to a Google domain or not. If not, then this is a red flag.
Here’s how you can see the headers in Gmail:
- Go to Gmail and click on the security alert email.
- Click the drop-down arrow beside “to me”.
- Now check the Mailed-by and Signed-by headers.
For a genuine alert, the Mailed-by address will be gaia.bounces.google.com, and the Signed-by address will be accounts.google.com.
On the other hand, a fake email can contain a link like this: http://scammer.com/a/google.com
Here, google.com appears in the URL path rather than as the domain; the actual domain is scammer.com. That is enough evidence to consider it a phishing attempt.
3. Check the DKIM of the Email
DKIM (DomainKeys Identified Mail) is a good way to check the authenticity of an email, because the DKIM signature names the domain that signed the message. So, for instance, if the email is from Google, the DKIM section will read ‘PASS’ with domain accounts.google.com. A ‘PASS’ by itself is not enough: if the signing domain doesn’t lead back to Google, the email is not safe.
Here’s how to check the DKIM of an email:
- Open the security alert email.
- Click on the three vertical dots menu on the right.
- Click on Show original to open the email Header.
- Now you can check the DKIM and other details of the email.
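The header checks from steps 2 and 3, plus the path-versus-domain link check from step 2, can be automated against the raw message that “Show original” gives you. The script below is an added example written for this article, not code from Google or from the article’s author. It assumes the Return-Path header is a fair stand-in for Gmail’s “Mailed-by” line, takes “Signed-by” from the d= tag of the DKIM-Signature header, and trusts the dkim= verdict in Authentication-Results (which is only meaningful when that header was written by your own receiving server, as it is in “Show original”). Both sample messages are constructed for the example; scammer.com is the placeholder domain used in the article.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Domain the article says a genuine alert resolves to (Mailed-by / Signed-by).
TRUSTED_SUFFIX = "google.com"


def is_google_host(host):
    """True only if host IS google.com or a subdomain of it.
    'google.com' buried in a URL path, or a look-alike host, does not count."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)


def domain_of_address(value):
    """Domain part of a header value like 'Google <x@accounts.google.com>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
    return m.group(1).lower() if m else ""


def analyse_alert(raw_message):
    """Apply the article's checks to one raw RFC 5322 message (the text that
    Gmail's 'Show original' displays) and return findings plus a verdict."""
    msg = message_from_string(raw_message, policy=default)

    # Step 1: the visible sender address. Spoofable, so never sufficient alone.
    from_domain = domain_of_address(msg.get("From", ""))

    # Step 2: Gmail's "Mailed-by" is approximated here by the envelope sender
    # (Return-Path); "Signed-by" is the d= tag of the DKIM-Signature header.
    mailed_by = domain_of_address(msg.get("Return-Path", ""))
    dkim_sig = msg.get("DKIM-Signature", "") or ""
    m = re.search(r"\bd=([^;\s]+)", dkim_sig)
    signed_by = m.group(1).lower() if m else ""

    # Step 3: the DKIM verdict recorded by the receiving server. A PASS only
    # proves the message was signed by signed_by, so both checks are needed.
    auth_results = msg.get("Authentication-Results", "") or ""
    dkim_pass = re.search(r"\bdkim=pass\b", auth_results) is not None

    # Links in the body: judge each by its host, never by substrings of the URL,
    # so http://scammer.com/a/google.com is correctly attributed to scammer.com.
    body = msg.get_payload() if not msg.is_multipart() else ""
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    bad_links = [u for u in urls if not is_google_host(urlparse(u).hostname)]

    red_flags = []
    if not is_google_host(from_domain):
        red_flags.append(f"From domain is {from_domain or '(missing)'}")
    if not is_google_host(mailed_by):
        red_flags.append(f"Mailed-by is {mailed_by or '(missing)'}")
    if not is_google_host(signed_by):
        red_flags.append(f"Signed-by is {signed_by or '(missing)'}")
    if not dkim_pass:
        red_flags.append("DKIM did not PASS")
    for u in bad_links:
        red_flags.append(f"Link points outside google.com: {u}")

    return {
        "from_domain": from_domain,
        "mailed_by": mailed_by,
        "signed_by": signed_by,
        "dkim_pass": dkim_pass,
        "bad_links": bad_links,
        "red_flags": red_flags,
        "verdict": "looks genuine" if not red_flags else "treat as phishing",
    }


# Constructed sample 1: headers shaped like a genuine Google alert.
GENUINE = """\
Return-Path: <3xyz@gaia.bounces.google.com>
Authentication-Results: mx.google.com; dkim=pass header.i=@accounts.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=accounts.google.com;
 s=20230601; h=from:to:subject; bh=...; b=...
From: Google <no-reply@accounts.google.com>
To: you@example.com
Subject: Security alert
Content-Type: text/plain; charset="utf-8"

New sign-in on Windows from Berlin, Germany at 10:42 UTC.
Review activity: https://accounts.google.com/
"""

# Constructed sample 2: a spoofed alert. The visible From mimics Google, but
# Return-Path and the DKIM signing domain resolve to the scammer's domain (DKIM
# still says "pass", for that domain), and the link hides google.com in its path.
PHISH = """\
Return-Path: <bounce@scammer.com>
Authentication-Results: mx.example.com; dkim=pass header.i=@scammer.com
DKIM-Signature: v=1; a=rsa-sha256; d=scammer.com; s=sel; bh=...; b=...
From: Google <no-reply@accounts.google.com>
To: you@example.com
Subject: Critical security alert - action required
Content-Type: text/plain; charset="utf-8"

Your account will be suspended. Verify now:
http://scammer.com/a/google.com
"""

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("phish", PHISH)):
        result = analyse_alert(raw)
        print(f"{label}: {result['verdict']} {result['red_flags']}")
```

The spoofed sample passes the sender-address check and even gets a DKIM PASS, which is why the article insists on checking the Signed-by domain rather than stopping at ‘PASS’; only the Mailed-by, Signed-by and link-host checks expose it.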
4. Check the Information in the Email
A security email from Google will usually contain sign-in details which include the time, location, and device that was used for signing in.
Contrarily, a fake email will have irrelevant attachments, phishing links, contact forms, and so on. If this is the case, know that this email is not from Google.
What to do if the Critical Security Alert Email is from Google?
If the email is from Google and you indeed signed in to a new device, then it’s not a problem. Simply click on Yes, It’s me and you’re good to go.
However, if it wasn’t you who signed in, then there’s an issue. Someone else has tried logging in to your account or has logged in. At this point, you should do the following things:
- Change your account password and log out from unknown devices.
- Go through your Google account security settings and make sure nothing has changed like your recovery email, phone number, etc.
- Remove any third-party apps that you didn’t grant access to your account yourself.
- Enable Two-step verification.
- Review your Subscriptions and Payment settings to ensure no transaction has been made that you didn’t make.
- Change the passwords of apps (especially banks) that are synced with your Gmail and saved on the browser.
What to do if the Critical Security Alert Email is from Scammers?
If this is the case, then it’s not something to worry about (provided you didn’t click on anything). A phishing attack only succeeds when users share their private information. If you haven’t done that, then you’re safe.
Here are some things to remember if you’re sure that it is a fake email:
- Do not open any attachments.
- Do not open any links.
- Don’t call the contact number, if there’s any.
- Click on the three dots menu on the right and select Report phishing to report the email.
- Block the sender to avoid receiving any more scam emails from them.
What to do if you Fall for the Fake Email?
Phishing emails are common. In fact, they were the number one cybercrime in 2020. If you’ve become a victim, first make sure to reset your account’s password.
Use your recovery email or phone number to log in and change the login credentials as soon as possible.
Secondly, run your antivirus to look for any malware or suspected files that were installed by the scammers. If found, delete them permanently.
Similarly, if you opened a link and landed on a doubtful website, then reset your browser. This will stop the scammers from hijacking it.
Lastly, if someone has gotten complete access to your account, unfortunately, then make sure you change all the other saved passwords. This will at least keep them from accessing some of your other accounts.
Remember the points I’ve mentioned to avoid falling for phishing emails. Never click on anything if the email looks suspicious. And once you realize the email is fake, don’t delay reporting it.