Somebody trying to steal/reset my gmail pwd. HELP !

Status
Not open for further replies.

esumitkumar

Call me Sumit
Hi

Somebody is trying to reset / steal my gmail password. As a safety feature, gmail sends password assistance to secondary mail account. I am receiving these mails once in every 2-3 months :-x

I have full headers of google password assistance mail sent on my seconday mail account. Can somebody help me in pointing out IP through which password reset request was made !

Thanks....in Advance

Here are the headers

From account-recovery-noreply@google.com Tue Apr 13 11:05:43 2010
X-Apparently-To: xxxx@yahoo.com via 203.104.17.176; Mon, 12 Apr 2010 22:35:44 -0700
Return-Path: <3rwlesxgkamehjjv1u0-yljv2ly5-uvylws5nvvnsl.jvt@gaia.bounces.google.com>
X-YMailISG: Gk5ABbsWLDvjCtTaVnUI0KxAhDltx3deUpgP6Ida6yO1B7CAGkUy2zUixeU7he19BiTBfP3put1AJBbjHEYMUOtaSquBGjs7gdY7LbBw9hCA9reL2ere3KwXjKH1gWNEVmu9GRfnX8upPhiVVua6cs0zGfvsrDDqFn5pwHXebKYPoM20FZGXiMIo9LDgvExl7xFHIvMMD3WNhyIOWSJrhbTmZMRiwlR9AmKMu6OO1zkUI9uhyMnXrdGsAdaEJ86Dss_RfITJluIgd5We6DLwJSThoXQuErLFGPr6zOwDZebGoMreokGjYb8YV7znfIbjXfBrF_rMu9u8gTjrqO3jf48IRTfreiltOBXykjuCsmfgoxHHxA2g8m.FDmbGQ.Pq7V8_vSf3xTomgzNuvYsN69XMqZMu2wlwzDzZ57dAdzn9XP0s.vEyYChTQQoFa3PAHjn3rNxLLUTDCxxvAbJxJj2388ZWFKv1N21mKM.0T1vXNT0hqI.8S6peSIDZxfbW7_xDS8rmJ8DECo.zeG8-
X-Originating-IP: [74.125.83.197]
Authentication-Results: mta1076.mail.re4.yahoo.com from=google.com; domainkeys=pass (ok); from=google.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-pv0-f197.google.com) (74.125.83.197) by mta1076.mail.re4.yahoo.com with SMTP; Mon, 12 Apr 2010 22:35:44 -0700
Received: by mail-pv0-f197.google.com with SMTP id 12so2702221pvg.4 for <xxxx@yahoo.com>; Mon, 12 Apr 2010 22:35:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:message-id:date:subject :from:to:content-type; bh=GwID4Di9AI5LCFoDjJyKtBQdPWBFJj7xSChUVbt3uzA=; b=W0AbTvnIzZO1wwb+yNlb+BPjsRutaAqwwPsw/m4kI/aiXNyIa26MZc2MpJD/agZf59 JZA50nNMSd/4f6zPwv9A==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:message-id:date:subject:from:to:content-type; b=xIGlsu5YDTiHoB4w6Ivrq1Pis0D9JxhITxhFcAEAFCl9EwD0KdiB73vok70ekgjSag JdF5SKomLHShCl8aINtw==
MIME-Version: 1.0
Received: by 10.115.102.23 with SMTP id e23mr920878wam.8.1271136943830; Mon, 12 Apr 2010 22:35:43 -0700 (PDT)
Message-ID: <738bbcedcb323e43.accounts@google.com>
Date: Tue, 13 Apr 2010 05:35:43 +0000
Subject: Google Password Assistance
From: This sender is DomainKeys verified
account-recovery-noreply@google.com
Add sender to Contacts
To: xxxx@yahoo.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes
Content-Length: 805
 

rhitwick

Democracy is a myth
Hi

Somebody is trying to reset / steal my gmail password. As a safety feature, gmail sends password assistance to secondary mail account. I am receiving these mails once in every 2-3 months :-x

I have full headers of google password assistance mail sent on my seconday mail account. Can somebody help me in pointing out IP through which password reset request was made !

Thanks....in Advance

Here are the headers

From account-recovery-noreply@google.com Tue Apr 13 11:05:43 2010
X-Apparently-To: xxxx@yahoo.com via 203.104.17.176; Mon, 12 Apr 2010 22:35:44 -0700
Return-Path: <3rwlesxgkamehjjv1u0-yljv2ly5-uvylws5nvvnsl.jvt@gaia.bounces.google.com>
X-YMailISG: Gk5ABbsWLDvjCtTaVnUI0KxAhDltx3deUpgP6Ida6yO1B7CAGkUy2zUixeU7he19BiTBfP3put1AJBbjHEYMUOtaSquBGjs7gdY7LbBw9hCA9reL2ere3KwXjKH1gWNEVmu9GRfnX8upPhiVVua6cs0zGfvsrDDqFn5pwHXebKYPoM20FZGXiMIo9LDgvExl7xFHIvMMD3WNhyIOWSJrhbTmZMRiwlR9AmKMu6OO1zkUI9uhyMnXrdGsAdaEJ86Dss_RfITJluIgd5We6DLwJSThoXQuErLFGPr6zOwDZebGoMreokGjYb8YV7znfIbjXfBrF_rMu9u8gTjrqO3jf48IRTfreiltOBXykjuCsmfgoxHHxA2g8m.FDmbGQ.Pq7V8_vSf3xTomgzNuvYsN69XMqZMu2wlwzDzZ57dAdzn9XP0s.vEyYChTQQoFa3PAHjn3rNxLLUTDCxxvAbJxJj2388ZWFKv1N21mKM.0T1vXNT0hqI.8S6peSIDZxfbW7_xDS8rmJ8DECo.zeG8-
X-Originating-IP: [74.125.83.197]
Authentication-Results: mta1076.mail.re4.yahoo.com from=google.com; domainkeys=pass (ok); from=google.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail-pv0-f197.google.com) (74.125.83.197) by mta1076.mail.re4.yahoo.com with SMTP; Mon, 12 Apr 2010 22:35:44 -0700
Received: by mail-pv0-f197.google.com with SMTP id 12so2702221pvg.4 for <xxxx@yahoo.com>; Mon, 12 Apr 2010 22:35:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:received:message-id:date:subject :from:to:content-type; bh=GwID4Di9AI5LCFoDjJyKtBQdPWBFJj7xSChUVbt3uzA=; b=W0AbTvnIzZO1wwb+yNlb+BPjsRutaAqwwPsw/m4kI/aiXNyIa26MZc2MpJD/agZf59 JZA50nNMSd/4f6zPwv9A==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:message-id:date:subject:from:to:content-type; b=xIGlsu5YDTiHoB4w6Ivrq1Pis0D9JxhITxhFcAEAFCl9EwD0KdiB73vok70ekgjSag JdF5SKomLHShCl8aINtw==
MIME-Version: 1.0
Received: by 10.115.102.23 with SMTP id e23mr920878wam.8.1271136943830; Mon, 12 Apr 2010 22:35:43 -0700 (PDT)
Message-ID: <738bbcedcb323e43.accounts@google.com>
Date: Tue, 13 Apr 2010 05:35:43 +0000
Subject: Google Password Assistance
From: This sender is DomainKeys verified
account-recovery-noreply@google.com
Add sender to Contacts
To: xxxx@yahoo.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed; delsp=yes
Content-Length: 805
@esumitkumar, the mail can't be traced. It happens like that, the bold part consists the senders IP, here the mail is sent by Google to you hence the IP is traced back to google servers.

Until and unless you get a direct mail from this " xxxx@yahoo.com" id, the IP can't be traced.

Why don't you put some strong password for your account

8 char long
Mix of Caps, small letter alphabets
having digits
special characters
Make it as confusing as possible (and note it down so u don't forget)

eg: P@ssw0rd123
 
OP
esumitkumar

esumitkumar

Call me Sumit
@esumitkumar, the mail can't be traced. It happens like that, the bold part consists the senders IP, here the mail is sent by Google to you hence the IP is traced back to google servers.

Until and unless you get a direct mail from this " xxxx@yahoo.com" id, the IP can't be traced.

Why don't you put some strong password for your account

8 char long
Mix of Caps, small letter alphabets
having digits
special characters
Make it as confusing as possible (and note it down so u don't forget)

eg: P@ssw0rd123

thanks Rhitwick..but u did one goof up..I had removed my yahoo mailid in headers and replaced as xxxx ..This mail was sent to google on my yahoo mail address :mrgreen:
 

rhitwick

Democracy is a myth
thanks Rhitwick..but u did one goof up..I had removed my yahoo mailid in headers and replaced as xxxx ..This mail was sent to google on my yahoo mail address :mrgreen:
Oh, my bad...from your query I thought google did u a "CC"... :p

Will elaborate the incident a bit more to get me a view of the situation?

What happened exactly?
Do you have any idea from which mail id the password reset request came?
 
OP
esumitkumar

esumitkumar

Call me Sumit
let me elaborate..suppose I am in Delhi and you are in Mumbai..

You from your ofc PC go to google password recovery link

https://www.google.com/accounts/ForgotPasswd?service=mail&fpOnly=1

You enter my username and google sends a recovery link to my yahoo id (secondary mail account)

To initiate the password reset process, please follow the instructions sent to your ******@yahoo.com email address. If you don't have an alternate email address, or if you no longer have access to that account, please try to reset your password again after 24 hours. At that point, you'll be able to reset your password by answering the security question you provided when you created your account.

Now my question was is it possible to determine your PC's IP through my yahoo mail headers ???
 

rhitwick

Democracy is a myth
let me elaborate..suppose I am in Delhi and you are in Mumbai..

You from your ofc PC go to google password recovery link

https://www.google.com/accounts/ForgotPasswd?service=mail&fpOnly=1

You enter my username and google sends a recovery link to my yahoo id (secondary mail account)

To initiate the password reset process, please follow the instructions sent to your ******@yahoo.com email address. If you don't have an alternate email address, or if you no longer have access to that account, please try to reset your password again after 24 hours. At that point, you'll be able to reset your password by answering the security question you provided when you created your account.

Now my question was is it possible to determine your PC's IP through my yahoo mail headers ???

o_O...
No, it won't be possible as the mail is generated from google server and then sent to your mail id whereas in SMTP (If I'm not Wrong), the mail binds the originating IP with the sender's mail ID.

your pc (mail with pc IP in headers)---><senders company>server (mail with pc IP in headers)---><receiver's company>server(mail with pc IP in headers)--->receiver's mail id (mail with pc IP in headers)
 

TheHumanBot

Padawan
you can add your mobile number to gmail account.
so when ever anyone try to recover your account he needs a confirmation code which gmail will send to you on your mobile number which one you have entered on your gmail account.

i am using this feature you can recover your forgotten password via SMS.
 

dreams

Gracias Senor
Gud one Vishal. Will help him.
As a precaution, make your password stronger and also the security questions.
 
Status
Not open for further replies.
Top Bottom