EmailDiscussions.com  

Old 16 Jun 2023, 07:02 AM   #31
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,749
Be careful! Maybe they are trying to lure you to open some attachment or something in Drive. By any chance do you own any crypto currency?
Old 16 Jun 2023, 07:24 AM   #32
j_b
Junior Member
 
Join Date: May 2018
Posts: 13
Ha lol. Actually only a couple of those accounts have files in their Drive. A combination of Sheets, Docs, jpg, no pdf. The 1st few times I opened these documents (in the browser) I used a VM, and a fresh browser not used for anything else. Subsequently I might have been less cautious.. but afaik, I have not caught anything.

Most don't have anything in Drive, Photo, .. though. Only emails (with no attachments).

What's the link with crypto ? No I don't own any, but still curious..?
Old 16 Jun 2023, 07:27 AM   #33
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,749
Scammers target crypto users.
Old 16 Jun 2023, 07:37 AM   #34
j_b
Junior Member
 
Join Date: May 2018
Posts: 13
That would be a very convoluted way to phish! Creating Google account, setting up recovery email to lure the email owner to open some document in Drive (assuming he even thinks about doing that) .. Much easier to just send out a bog standard phishing email! Besides, like I said, the majority of these Google accounts look brand new, with no content whatsoever (apart from random mails sent out -found in Sent- with no attachments, no links, just random incoherent text).

In fact, mydomain.tld does receive its occasional share of spams, but very far from overwhelming. So they know that mydomain receives mails / doesn't bounce them, but they don't try to spam it to death (so far).
Old 16 Jun 2023, 07:37 AM   #35
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
Maybe they wanted you to recover those accounts to distract Google from discovering the scammers. My guess is that it’s still some type of accidental error you are caught up in.

Of course, there is a tiny possibility that someone is testing you to see what you do when tempted. My previous employer (I’m now retired) would use a security service to send fake phishing emails to the employees to see if we would take the bait and click on the links to domains not associated with our company. They were trying to get us to only respond to messages from our true company domain name. What was really funny was when corporate officers would send us messages inviting us to webinars or other events through some service at a non-company domain. I would ignore those messages as possible phishing, but the persons involved were not happy that I was ignoring them. The company officials were ignoring the security training sessions they made us take.

Maybe some AI system is hallucinating and creating those accounts and then asking you to recover them for no reason at all. Does there have to be a reason for every event in our universe?

Bill
Old 16 Jun 2023, 07:42 AM   #36
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,749
Quote:
That would be a very convoluted way to phish! Creating Google account, setting up recovery email to lure the email owner to open some document in Drive (assuming he even thinks about doing that) .. Much easier to just send out a bog standard phishing email!
It got you to log into the account and check out what was stored there! Probably not a scam, but I still wouldn't touch those accounts with a ten-foot pole.
Old 16 Jun 2023, 07:59 AM   #37
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,929
What if a scammer wanted to confuse Google security by making it seem like your domain was responsible for those scammy accounts? They might have discovered your apparently lightly used domain (with an MX record but no apparent email traffic and no website) and they are activating account recovery just to show that your domain is who is responsible. They might send out hundreds of those account recovery attempts to a few legitimate but lightly used target domains, hiding who is really responsible for the Gmail accounts.

I would be worried that Gmail would block your domain if this continues. You might want to contact Gmail security so they don’t think you are part of the scam operation.

Bill
Old 16 Jun 2023, 08:46 AM   #38
j_b
Junior Member
 
Join Date: May 2018
Posts: 13
Quote:
Originally Posted by n5bb View Post
What if a scammer wanted to confuse Google security by making it seem like your domain was responsible for those scammy accounts? They might have discovered your apparently lightly used domain (with an MX record but no apparent email traffic and no website) and they are activating account recovery just to show that your domain is who is responsible. They might send out hundreds of those account recovery attempts to a few legitimate but lightly used target domains, hiding who is really responsible for the Gmail accounts.

I would be worried that Gmail would block your domain if this continues. You might want to contact Gmail security so they don’t think you are part of the scam operation.

Bill
Hi Bill,
Thank you for your concern.
I am glad to have this conversation actually. I believe I am not the only one being targeted as "recoverer" for Google accounts, as I have seen a few posts mentioning this on the r/Gmail subreddit. However I think it's rarer that someone is being targeted so many times, like me, because I happen to pigeonhole all these recovery emails thanks to my catch-all (and my original post was about strange use of catch-all!). In any case, no one on Reddit has offered any plausible explanation for this thing.

Testing is, I guess, never impossible, but I am sitting here at home on my personal computer, totally separated from my work computer (where anything Google apart from the search page is heavily blocked anyway), so I don't really see the point.

Google doesn't ask me to recover, it just asks me to confirm that I want to be the recovery email of the inquiring Google account, something I never confirm. However confirmation is not necessary to activate or validate the recovery email, which can then be used (most times, esp when no phone attached) to recover said Google account.

I don't care that Google blocks mydomain.tld, as I don't use it at all. I just put a catch-all on it, because, well, it's free, and it doesn't bother me that much (like I said, the amount of spams caught is fairly minimal, and I will probably disable the catch-all if spams become overwhelming). There is no SMTP, no mail being sent out from this domain, mydomain.tld also doesn't have any IN A record, so I am quite indifferent if Google or anyone blocks it. Yes, it is my surname, but I have chosen not to use it and it's been more than 2 decades so I don't expect to change my mind, because
* it's not a dotcom
* I own and use a dotcom domain as my personal mail, which is even older than mydomain.tld (I only got mydomain.tld -a very common surname- by accident not by design, when it was abandoned by the previous registrant and I picked it up in the recently dropped bin of the registrar - this was early 2000s when things were a lot less complex)
* I don't actually like the idea of having my surname in clear in my email address(es), besides I much prefer my short-ish, easy to spell, more discreet dotcom domain, that I registered back in the late 1990s, which I have used ever since (and if I ever receive similar recovery notification on my dot com domain which also has a catch-all, I for sure won't play around with it..)

Last edited by j_b : 16 Jun 2023 at 08:53 AM.
Old 16 Jun 2023, 08:49 AM   #39
j_b
Junior Member
 
Join Date: May 2018
Posts: 13
Quote:
Originally Posted by n5bb View Post
What if a scammer wanted to confuse Google security by making it seem like your domain was responsible for those scammy accounts? They might have discovered your apparently lightly used domain (with an MX record but no apparent email traffic and no website) and they are activating account recovery just to show that your domain is who is responsible. They might send out hundreds of those account recovery attempts to a few legitimate but lightly used target domains, hiding who is really responsible for the Gmail accounts.
Then it is a good enough reason for me to take over all the Google accounts that the spammers "send to me"!, because once taken over by me, (I can reasonably assume that) they are not used to send out spams or anything nefarious anymore!
Old 16 Jun 2023, 09:05 AM   #40
j_b
Junior Member
 
Join Date: May 2018
Posts: 13
Quote:
Originally Posted by TenFour View Post
It got you to log into the account and check out what was stored there! Probably not a scam, but I still wouldn't touch those accounts with a ten-foot pole.
Also, if they successfully upload and store malware, or malware-embedded documents, on Google Drive, without triggering Google's own AV + Google to disable the account, then Google still has some work to do !
All times are GMT +9.

 

Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy