Is this a scam

[MacBookpro2011]

First time getting this type of email, I erased the email out that was included. It was my yahoo email. I do remember yesterday having to sign back into gmail twice and I used 2 step verification with a code to my cellphone but not sure if this would trigger the email. Both of my gmail an yahoo emails have different passwords. I believe I had cleared the google cookies a coulple of times after searching for something. Thanks for any info.

 

[KaliYoni]

I would treat it as legitimate but avoid clicking anything in the email and, next, I'd immediately delete the email. Then, I would go to mail.google.com using a web browser and immediately change my password and other login credentials.

 

[Apple_Robert]

Check the email header. Is it from Google?

 

[thekev]

They offer authentication.

Check if your Gmail message is authenticated - Computer - Gmail Help

If you see a question mark next to the sender's name, the message isn't authenticated. When an email isn't authenticated, that means Gmail doesn't know if the message is coming from the person wh

support.google.com

This does not look like one of google's security alerts to me. Since inference isn't perfect, they tend to avoid stating things so concretely and merely notify you of security events. They can see where you signed on and whether the location and device are recognized.

My guess is that it won't be authenticated.

 

[MacBookpro2011]

It shows as being from no-reply@accounts.google.com with no question mark just a check mark. I went to my google account/security/recent security activity: States No security activity or or alerts in the last 28 days. I use 2 step verification as well. Devices shown as signed in are my Mac and Cellphone.

 

[Apple_Robert]

It shows as being from no-reply@accounts.google.com with no question mark just a check mark. I went to my google account/security/recent security activity: States No security activity or or alerts in the last 28 days. I use 2 step verification as well. Devices shown as signed in are my Mac and Cellphone.

I don't use Google but, that header looks correct. I would act on @KaliYoni advice. If you don't have 2FA turned on, you should do that immediately.

 

[MacBookpro2011]

2FA is turned on in both, I just checked my yahoo email that was mentioned in the email I received and the only activity and log in activity for yahoo mail in the security settings are for me.

 

[Apple_Robert]

2FA is turned on in both, I just checked my yahoo email that was mentioned in the email I received and the only activity and log in activity for yahoo mail in the security settings are for me.

If 2FA was already set up thru an authenticator app, you should be fine but, I would change your password just to be safe.

 

[thekev]

It shows as being from no-reply@accounts.google.com with no question mark just a check mark. I went to my google account/security/recent security activity: States No security activity or or alerts in the last 28 days. I use 2 step verification as well. Devices shown as signed in are my Mac and Cellphone.

I would probably report that email.

Avoid and report phishing emails - Gmail Help

Learn how to spot deceptive requests online and take recommended steps to help protect your Gmail and Google Account. What phishing is Phishing is an attempt to steal personal information or b

support.google.com

 

[maternidad]

I would probably report that email.

That email address is managed by Google. @MacBookpro2011 are you certain that you, while viewing the account security page, were logged in to the account that was referenced in the message you received?

 

[MacBookpro2011]

Thanks for the help, decided to take the advice and changed both of my email passwords and has 2FA setup. My password for gmail was last changed in 2019 and yahoo in 2016, over due to say the least.

 

[MacBookpro2011]

That email address is managed by Google. @MacBookpro2011 are you certain that you, while viewing the account security page, were logged in to the account that was referenced in the message you received?

I was logged into my mac mail and the gmail was also logged in at the time. I did notice the PW's on both had not been changed in a long time so I went ahead that did both.

 

[Ritsuka]

Everything can send every mail they want with the sender address they want. That's how email works.
So don't trust the sender.

 

[fischersd]

First time getting this type of email, I erased the email out that was included. It was my yahoo email. I do remember yesterday having to sign back into gmail twice and I used 2 step verification with a code to my cellphone but not sure if this would trigger the email. Both of my gmail an yahoo emails have different passwords. I believe I had cleared the google cookies a coulple of times after searching for something. Thanks for any info.

Ok. Suggestions from someone who has managed people that do this for a living "white hats"

Never, ever trust anything in these emails. They may be legitimate, they may not be. Doesn't matter. NEVER, EVER click on ANY links or buttons!!! Get the reporting-malware-phishing address for the service provider from google and forward the e-mail. Then, check your browser extensions to make sure everything is trusted, also check your notifications that everything is trusted, flush your cache and login to the provider in question (even better from another browser - again, flush the cache first). In this context, given the verbiage of the message, login to the service provider and change your password, using a string password - and enable 2FA if they have it available. (their security may have been compromised...and, if it has, it could easily be again in short order!)

If you have any contacts in security for the provider, I'd reach out to them. Never can be too careful.