Hacked: Google sent me a warning that my account was used via mobile in the NY region what should I do?

Change your password.

Actually, it doesn’t look legit—it looks like pfishing to me. If you changed your password using the link provided, you may have just opened up yourself to hackers.

Do a virus and spyware scan of your computer—make sure you have the latest updates. Notify Google of the incident by forwarding it to them. Change your password again going directly through the google secure link https://www.gmail.com

Good luck.

Its good you did not click the link, and good you changed your password. Can you send google the information? Or, there might be a government agency to report it to.

Type in https://mail.google.com and change your password again, if you are really worried.

If it is pfishing, what gave it away?

There was a LINK to change password IMMEDIATELY. Both of these are common in pfishing schemes. That’s why I suggested typing the link, but looks like Fluther automatically converted that to a clickable link.

you are being phished. send this link/screengrab to google.

If this came as a gmail, look at it in “show original” [drop down next to “reply”] and if the sender info stinks go back to the menu and click “Report phishing”

It wasn’t an e-mail. It was it’s own window. I typed in the link on the image again right now to see. I clicked the “Learn More” and it does go to the Google Help center. I think it’s real? Anyone can offer up a similar observation?

http://support.google.com/mail/bin/answer.py?hl=en&answer=45938&ctx=gmail#0

this is the next link that looks legititimate next to “change password” And yes @JLeslie I didn’t click their links provided I went into the settings my own.

It’s real. Google notifies you when it notices that you have logged in from a location that isn’t of the norm. For example, I live in San Diego, CA, and was notified by Google when there has been a log in attempt from Brazil. Using proxy servers may also trigger this notification to appear, due to the fact that log-in sessions will be attempted at a different location other than your own area. You can actually revisit the window in your screenshot by scrolling down to the bottom of your inbox, where it says “Last account activity: x hours ago” and clicking on “details” right under it.

In your screenshot, the log-in in question would be the New York location. If you weren’t in New York during that time and know that this log-in session was not you, then it would be smart to change your password, but like many have said before me, the safest way to do this is by visiting the gmail settings page and changing it there, making sure to avoid any unfamiliar links.

@fearofsleep Thanks! Yes and I have manually went into my settings and changed PW from there.

Why should it be debatable though? Shouldn’t there be a sure way of knowing that it is a fake? That is, if it were real, there wouldn’t be ”a LINK to change password IMMEDIATELY.” to quote @RocketGuy.

@flo

Does Google say it would never have a link to change password immediately? Also, it goes directly into settings account when clicking the link, but again, that isn’t the way I changed my PW. :D

I’m looking at @RocketGuy‘s answer which makes sense to me. He probably knows more than me.

No, I’m more paranoid than most.

@RocketGuy it doesn’t sound like it to me.
The idea is supposed to be for a credible site not to be mistaken for pfishing site, right?

@whitecarnations I would take the answer that helps me to be more cautious, always.
@RocketGuy‘s answer makes perfect sense.

Google and others have your alternate email address for occasions like this. So, you can send them an email (with the screenshot attached) asking them if they sent it to you.