Videos
The message from Google I'm referencing is this;
This Spike in user-reported spam alert is to inform you that an unusually high volume of messages from a sender have been marked as spam.
The alert details include:
Summary: 12 message(s) were reported as spam by users in your domain. There was 1 recipient(s). Activity date: Wednesday, 29 Mar 2023, 09:30:43 (UTC) Total user reports: 12 Reported by: (user's email 12 times) Severity: HIGH
I've been largely ignoring these but I can't help but feel that I'm supposed to be doing something to prevent it? I don't really see anything in the Google Admin reporting tool to action this other than acknowledging and clearing the warning.
-------------------------Email Received------------------
From: Google Workspace Alerts : google-workspace-alerts-noreply@ google.com
reply-to: Google Workspace Alerts : google-workspace-alerts-noreply@ google.com
to: me@ death-requests.org : mailto: me@ death-requests.org
Rule Name: [ACTION REQUIRED] Legal notice regarding your Google Account - Assigned to Avery C : postmortem-legal @ google.com - Case ID: ############# ##-
This message is to notify you because this mailbox is linked to the Google Account specified in your request. We wish to express our deepest condolences during this challenging time and thank you for your patience. Should you have any concerns or additional information to share, you can access your case using the authorized email address below. To protect your privacy, sensitive information has been redacted and this message will be permanently redacted after 30 days. If you did not request this, please cancel the case at your convenience.
Case file: https://sites . google.com/u/########/d/########/edit
Full name of the deceased person: [redacted] [redacted]
Email address of the deceased person: *******@*****.***
Full name of relative/legal representative: [redacted] [redacted]
Email address of relative/legal representative: *******@*****.***
Attachments: social_scan.pdf, proof_of_address.pdf, court_certified_letters_testamentary.pdf, passport_scan.pdf, death_cert_(2).pdf
Additional comments or instructions: Please forward all replies to my protonmail, thanks.
The Google Workspace Team
1600 Amphitheatre Parkway Mountain View, CA 94043; +# (###) ###-#### (Intl.)
---------------- End of Email-----------
This is a phishing scam that will link you to a users' created login page of google. It'll steal your credentials.
The email that sends it to you uses a google.com domain. Always be careful and stay safe!
Hi,
I received this email from: Google Workspace Alerts <google-workspace-alerts-noreply at google.com>, (I changed the "@" symbol to "at" to adhere to the rules) looks like a legit address.
The link at the bottom of the email actually links to Google's alert center. I'm a "vanilla" google user (not a workspace user), and therefore, I have no way of logging in. Is this a scam? Has this attack been documented anywhere? What's the recommended course of action?
The email "header" is the following. Note that the "to" address isn't my email:
|| || |from:|Google Workspace Alerts google-workspace-alerts-noreply at google.com| |reply-to:|Google Workspace Alerts google-workspace-alerts-noreply at google.com | |to:|me at cases-postmortem.org | |date:|Mar 4, 2025, 8:10β―AM| |subject:|Alert: Reporting rule - [ACTION REQUIRED] New reply in legal matter regarding your Google Account| |mailed-by:|eforward.registrar-servers.com| |signed-by:|google.com| |security:| Standard encryption (TLS) Learn more| |:|Important according to Google magic.|
Here's the full text of the email:
Google Workspace Image
This Reporting rule alert is to inform you that specific activity occurred based on a custom reporting rule.
The alert details include:
Date: Wed, Mar 19 2025 00:47 UTC
Rule Name: [Action Required] We are required to submit a response in the legal matter regarding your Google Account - Assigned to Daniel C ([email protected]) Case ID: 795429234687134065327576321 ... (Removed by OP)βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ Case file: ββ Case file: https://sites dot google dot com/u/0096... (changed . to dot and full link removed by OP, to avoid a chance of someone accidently opening it and getting baited)ββββββββββββββββββββββββββββββββββββββββββββ//...ββ (Removed by OP)ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ Attachments: social_scan.pdf, proof_of_address.pdf, court_certified_letters_testamentary.pdf, passport_scan.pdf, death_cert_(2).pdf βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ Additional comments or instructions: Please forward all replies to my protonmail, thanks. ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ The Google Workspace Team
I recently started looking into the admin alerts and it's a lot to manage. How do you handle things like increases in user reported spam? Do you investigate all the emails and add them to your block lists? How do you handle user reported phishing attempts?
Just got an email from [email protected]
Dear G Suite Administrator,
You have an admin alert about Suspicious message reported that requires your attention. Please view alert details in G Suite Alert Center.
Sincerely,
The G Suite Team
It redirects me to login and looks official but i'm paranoid. I separately logged into admin.google.com and I don't see any alerts. Is there somewhere I can look without having to login to the link provide din the email?