How do I verify that this is a real Google alert and not itself a phishing attempt?

If it's real, how do I identify what Google found?

Ed

Google the language of the email ... what comes up in posts from as far back as 2010 is "maybe" and the best advice I saw is "might have something to do with your web host's Apache servers, contact tech support at your web host."

[quote]On Oct 25, 2014, Ed_Millis wrote:


Stop asking for credit card numbers, social security numbers and pin numbers on your website...

If you still have the original email message, you can peek at the source code and look at the return path of the email address. That's one way to check if it's actually sent from the email source it claims to be, or if it's a "spoof" email (if you don't understand, do a wikipedia search for "email spoofing"). This is assuming it was an email instead of something submitted via submit form. It would be pretty unusual for a rep from Google to contact you via your website submit form.

Besides all of the other clues.

- Donald

You can look at the senders return address; was it from @Google.com, or @Goggle.com

click on 'reply" and the true return address will be visible

A return address (aka the supposed origin address of the sender) can be different from the return path. The return path has to do with the true origin of the email. Like I said, if you don't understand this, then do a bit of reading on "email spoofing."

I've had my own email address spoofed, and I've also received emails that were supposed to be from friends, but were actually spoofing their email address (the problem email didn't actually originate from their account, but if I clicked reply, then their address would display). So, I did a bit of reading on the subject.

Mike Clay, Michael Eaton, Josh London, etc. can add further clarification to what I'm saying about email spoofing. I'm sure they know way more about the topic than I do.

- Donald

If it is real it will also show up in your google webmaster tools account attached to your website.

I just checked the indexed pages of your site and don't see anything.

Have you updated your plugins and wordpress core?

I also ran the site through
http://sitecheck.sucuri.net/
and it came back clean

check your site for unknown users and pages just to verify it hasn't been compromised.

if you have pages you didn't add, and users (with publisher or admin rights) that you didn't add
Shoot me an email with ADMIN logins and I will go in and clean it out and lock it down for you. (If your not comfortable checking feel free to send me an email)

I believe the email is spam (because I don't see anything) but when you get something like this it's better to check than let it sit

Ed, anything I can do to help let me know.

Thanks for checking, Mike, and for that link. I'll have to save that one!

Ed

I agree with Mike (as usual), go check your Google Webmasters Tool. It should give you a notification if it's a legit Google notice. It will also let you know of any crawling errors and more fun stuff.

Josh

I agree with Mike (as usual), go check your Google Webmasters Tool. It should give you a notification if it's a legit Google notice. It will also let you know of any crawling errors and more fun stuff.

Josh

Sorry for the duplicate posts, iPad acted up.

If you have a wordpress website, try the iThemes security plugin. That will really lockdown your website.

We just went in and installed it for him.

iThemes Security PRO is AWESOME

I was surprised at just how often websites are attacked by people tying to brute force their way into your site. I installed that on all my sites now.

The more rankings you have the MORE attempts you will see

we have 1 site that has over 200 front page listings, indexed for 640 keywords we track, and over 1200 pages in the site.

We saw a REAL quick drop when we moved the login page
but still see about 500 failed logins per day

Security for wordpress

1. DO NOT use ADMIN as a username
2. Use a strong password
3. Do regular backups

Mike: I just spent about an hour and a half going over that security plug-in. I don't understand 1/4 of what they're talking about!! I did also install the CloudFlare plug-in. Thanks so much for all the help! Although for the life of me, I can't see why anyone would want *my* site.

Ed

It's a random thing... Spammers run bots to find unsecured sites to be able to spam from