I’ll admit it – I’m addicted to google and their services. I use Android, which saves my location history (which helps with my travel reports for work – months later I can see when and where I was), provides me with voice searches and contact management. I am a gmail user since they first announced their opening on April 1, 2004 (Ok it took me a week or so to get an invite, but I am one of the first bunch of users). I have a ton of private information here, bank statements, passwords (from sites which send you a password via email in plaintext), work contacts, etc;
Google offers great services for protecting your data as well. I am following all best practices: I have a strong password, I have enabled two factor authentication and regularly review my account activity for anything suspicious.
Or so I thought: I received a troubling email today with the contents thatÂ someone is trying to reset my password:
Thank you for contacting Google.
We received your report that youâ€™re unable to access your Google account [email@example.com] and we understand that it can be frustrating. We want to help you!
At Google, we take the privacy and security of our users seriously so we need specific details about your account to help us verify that you’re the real owner and not someone attempting to gain unauthorized access.
The next step to recover the account is to file a claim for the account. Can you please file a claim for the account in question,[firstname.lastname@example.org], from the contact [email@example.com].
The process to file a claim for the account is as follows:
1) VisitÂ https://www.google.com/
2) Click on “I don’t know my password” (Enter [firstname.lastname@example.org]Â as the email address).
3) Enter username and captcha if asked else answer all the questions posed by the system with the most accurate guesses.
4) Click Â “Verify your identity”, â€œa different wayâ€ Â link at bottom of page or “I didn’t enable 2-step verification” option.
5) You will reach a screen where is says “Password help for [email@example.com]”. Â Under Contact information, you can enter [firstname.lastname@example.org].
It will take approximately 3 – 5 business days for our technical team to respond. Â Please check your junk and spam folder for the response.
Let us know if you have any other questions.
Google Accounts Team
After determining this is not a spam/phishing message, I concluded that this is simply a mistake, someone has accidentally tried to reset my account’s password; no big deal I will simply respond to them and explain the situation:
Simple, to the point, but what follows is an egregious case of someone following a script and this request is clearly not handled by their script. A number of emails back and fourth have convinced me that in 3-5 days, I may no longer have access to my account.
I will concede that this is not a ‘hardware’ issue, and I’m not sure why this request is being handled by “hardware support” – but this is the email address which originally notified me that my account password can be reset. I would hope that if ‘hardware support’ can start a password reset case, they can also contact a team responsible for it. Â This is the first reply:
Thank you for contacting Google. My name is [redacted]Â from Hardware technical support. I was able to review your concern regarding your Google account. If you think that someone is trying to login to your Google account, please follow the steps below in order to make your account more secure:Â https://support.
The Google Support Team
The steps listed on the checklist are useful if you’re not already doing them and I would recommend you follow them; in my case I have every single step already covered, and this procedure would go around them all.
Thank you for your reply. Based on the issue that you have, you need to visit the ic3.gov website to file a complain regarding the email address that is messing up with your account. And the reason why the agent sent you an email on how to recover your account, is because as he understand, you’re unable to login or forgot your password. If you’re unable to use the ic3.gov support page, then try to visit our support website:Â https://support.
After 11 mails back and fourth between the Google Support Team and myself (each time I wrote I asked to be transferred to the right area), I need to:
- Contact the US Government to report Fraud (it is important to note here, I am in Germany)
- Call the Google Device Support in Denmark
- Pray to the FSM that Big Brother Google doesn’t let an anonymous personÂ into my account
I surely hope that the people handling security/privacy at Google are not this incompetent! If they do mistakenly reset my password, I am not sure what recourse I have either — probablyÂ I’ll have to follow the same procedure this person has done, then get flagged that this account was recently reset.
For this reason I have embarked on a personal goal to dump the “cloud” completely; I can’t quit cold-turkey, but a systematic dumping of cloud services is possible.