Getting spurts of single-use for Gmail

These come in spurts of something like 5 or 20 or so every few days, with periods of no such authorisation requests. I have my own per options As to why this might be happening, but I do welcome other people’s wisdom on this matter.

smuggler.ie

for your account or other? should be stated in the message. Could it be that someone set account that is similar to yours and now by mistake initializing recovery(unsuccessfully i guess).

My account, I have a very unique name, nobody else on the planet apparently shares my name.

Donald Trump

I don't really understand the post fully but I am guessing that someone is putting your account as a recovery email for a random (perhaps similar) email address?

Why would they do that? Well, one reason might be if there is a link in the email along the lines of "disconnect this, it wasn't me". You can click on that and think "we'll they can't do anything on me as it's a google link"............ And you would be right in a sense.......... But what it does tell the possible scammer/spammer is that your email account is real and active. Because they will see that you unlinked your account as a recovery email.

I am personally suspicious that an individual is doing this, I have some reason now to believe might be the case to cause some nuisance.

Donald Trump

https://haveibeenpwned.com/ will tell you whether your email address is on any leaked list of emails/passwords etc.

(You obviously have to assume that that site itself isn't harvesting those emails .... but it is fairly well known and regarded)

I also think the guidance activator might likely be a familiar person:

ItHurtsWhenIP

I'm struggling to understand what you have been saying and suspect that auto-complete is not helping. I'm guessing the last message means that you think you know who is behind this activity.

Would I be correct to assume the messages are from Google telling you either:

• that somebody has attempted but failed to sign-in to your Gmail account

-OR-

• is looking for you to confirm a sign-in to your Gmail account

If the former, then it would indicate that they may be trying to brute force the password by guessing what your password is. If you don't have 2-step verification (as Google calls it) activated on your account, then do set this up as soon as possible. I would recommend you set it up to use a code generated by an authenticator app like Google Authenticator or Microsoft Authenticator (both are free and work across Android and iPhone)

https://support.google.com/accounts/answer/185839

If it's the latter, then it may indicate that you do have some for of 2-step verification turned on and this other person has been trying to sign-in to your account, but being blocked by the verification step. They may try to cause a flood of these confirmation messages to piss you off so you end up clicking "yes it's me" to stop them ... don't do that! Change the 2-step verification to use an authenticator app instead, and rely on the generated codes from that. Never give these codes to anybody else over the phone or through a message.

If you are an individual with a particularly heightened threat model (law enforcement, military, journalist, dissident, human rights advocate, etc.) then you should implement security keys on your accounts. Something like YubiKeys or Titan Keys.

I am pretty sure it was brute force. Gone quiet last few days. The attempts were allegedly made from various places like NY, Seychelles, Canada, but of course these may be alias locations.

ItHurtsWhenIP

Well the advice re turning on 2-step verification, if it's not already on, still stands.

The changing locations could indicate the perpetrator is using TOR or jumping around on a VPN. I wouldn't pay that aspect any attention.

Oh yes I have that turned on.