Is this Google mail from gaia.bounces.google.com legit or another attempt of scam?
I've received the following suspicious mail in my Gmail inbox, about my password being exposed:
As you can see, it comes from gaia.bounces.google.com and is signed by accounts.google.com. But there are two things that seem weird to me:
- It is written in Portuguese. I live in Spain (but near the border with Portugal, just in case that's relevant) and usually receive Google mail in Spanish.
- The mentioned account is a @hotmail one I use as a backup account, not the main Gmail one that I use. It's been listed on haveibeenpwned.com a time ago but I changed all my passwords a few months ago when I started using a password manager.
I cannot see any problem with the signature, and the links on the mail seem legit. I've checked the certificate on the linked website and read this. Is this gaia.bounces.google.com legit? Does Google warn about other non-Google accounts?
- The email you've received from gaia.bounces.google.com is legit, it is signed with the correct certificate from google. However, you are not the first one to raise a red flag for this one, whole security industry specialized in social engineering is applauding To answer your question, yes google does check databases of leaked credentials also for your recovery email address. Chrome has now functionality for checking hashes of your passwords (to any account on any website you're logging into) with their database of leaked credentials. This is part of their safe browsing feature.
- 1. The email says that it comes from Google and the sender’s email address supports that.
- 2. The account owner is identified by name (and photo!)
- 3. A mouse-over of every link demonstrates that they all point back to a Google.com website.
- 4. Most of the links contain https. The “s” in https stands for secure!