I have a Gmail account of the form my.name@gmail.com. I just got email from Google saying there was a new sign-in half an hour ago on Internet Explorer (which I haven't used in the last few days) to myname1234@gmail.com. I have two factor authentication set up, and didn't get any corresponding text message.
Is it the case that this is actually a different account, Google recognizes the account name with the extra digits as different for sign-in purposes, and it's just a bug in the notification system that it truncated the digits when deciding whether I needed to be notified? Or is there something going on that I need to worry about?
Best Answer
Two possibilities spring to mind.
The first is that this is a (spear-)phishing attempt. Someone is trying to trick you into giving up the credentials for your account. That the name doesn't match wouldn't surprise me; would-be online scammers don't have to be smart.
Since you say the email headers look legit, I think another possibility is that the owner of myname1234@gmail.com has added your email address as their recovery address. (See this page from Gmail Support.)
Now, I thought Google sent a confirmation message to the target address to be sure it's under the control of the owner of the other account, but perhaps not. (Maybe this was from before that measure was put in place or you confirmed it in error.)
If this is the case I don't know how you fix it short of using it to reset the password on that other account, sign in, and remove it. Perhaps an email to that account asking them to fix it would work.