Home » Big Idea Tech Blog » Blog » Beware of Google “Password Changed” Scam

Beware of Google “Password Changed” Scam

Google - password changedHave you ever received an email from Google telling you that the password for your Google Account was recently changed?  If you didn’t change your password and received this email, you might be concerned.  The email says that if you don’t recognize this activity, you should “click here” for more information on how to recover your account.  Think twice before you click!

Fake Gmail Message

Two of our staff members received this email message.  One was legit and one was not.  How do we know that one of them was actually a scam and not a legitimate email from Google?  At first glance, both emails look the same; aside from the little red circle with a shield, they have the exact same message and layout.

Google - password changed example 1

Google - password changed example 2












Spotting an Email Scam

On closer examination, these are the differences.

  • They both appear to be from a google domain, which is good (though frequently phishing emails do spoof legitimate domains). The one on the right (to Beverly) is from “Google <no-reply@accounts.google.com>”.  The email on the left (to Ben) is from “The Google Accounts team [mailto:reply@accounts.google.com].  However, the email specifically says “This email can’t receive replies” so it’s a little strange that Ben’s email says “reply” in the sender’s email address.

Google - Email from

  • It is common for scammers to copy the logo and email format from a legitimate brand, but scam emails frequently have awkward wording, poor grammar, and inappropriate use of symbols. In the tiny font at the bottom, Ben’s email has a capital A, with an accent, to the left of the Copyright symbol. This is not the way the copyright should be written.

Google - fine print

  • The real giveaway is found when you hover over the links. As you can see in the red circle below, in the email to Ben, the “click here” link “for more information on how to recover your account” does not go to Google at all!  Instead it is a link to download a .doc file from a website with a German name, at a domain registered in Germany!  Guaranteed, downloading this document would infect your computer with malware!

Google - password changed links 1

In the email to Beverly, the red-circled “click here” link does point to Google, as it should.  Though not a giveaway, it is interesting that the “Google Accounts Help Center” link – circled in green – does in fact go to a google domain in both emails, though the one to Beverly goes to the specific support article.

Google - password changed links 2

Analyze the Email

In fact, there was another indication that the email to Ben was a scam.  It was sent to his Office 365 email address, which is clearly not a Google Account, so it does not make sense that he would be informed in an email to that address that the password for his Google Account had changed.  Beverly’s email was sent to her Gmail address, so, if she hadn’t recently changed her password and had no reason to click the link, she would have needed to analyze the email before clicking.

Hover Over Links to Identify Phishing

One goal of scam emails is to “fish” for sensitive information.  Phishing emails with redirected links might download malware or trick you into entering your credentials and credit card information on the hacker’s site.  At first glance, these scam emails may look like the emails from legitimate senders.  Identify Phishing emails by verifying the links and don’t click on the links that are not legitimate!

At Big Idea Technology, we always remind our clients to hover over links before clicking on them.  This will reveal the true destination of the hyperlinked text.  Be wary of links that appear to go to the expected domain, but that actually have the brand name as a subdomain of another URL.  (The domain name needs to appear directly before “.com” as in company.com.  A subdomain would be in the format company.scamsite.com.)  Also, look closely at the link to ensure that the company name is not spelled incorrectly (such as copany.com) and doesn’t add words to the URL (such as companyinfo.com).  Being cyber-aware, and being wary of redirected links, will help protect your computer – and your company – from malware.