
Ask HN: Am I under attack? - passive
So, over the last month, I&#x27;ve received five &quot;welcome to X&quot; emails for relatively prominent online services.<p>Two of these were gaming related, and included a fairly unique username which I tracked to a redditor who claimed to have no idea what was going on, though they admitted they had an account with one of the gaming services.<p>It could be coincidence, I suppose, that someone has a similar email and keeps entering it wrong in the same way. It seems unlikely, but otherwise I&#x27;m not sure how signing up for services with my email address is an attack vector.<p>Is there a risk I am missing here?
======
paulcole
Do you have a common name?

I do and have firstnamelastname@gmail.com. I get all sorts of emails from
people with the same name who somehow believe they have my email address.

~~~
NeutronBoy
A common issue I've seen is websites treating a period in email addresses
differently. All discussion about standards aside, the fact is

* To Gmail, firstname.lastname@gmail.com and firstnamelastname@gmail.com are _the same_.

* To a website like Paypal, they are _different_. So it will allow multiple signups with the 'same' email address.

I just had to troubleshoot this for my parents, who have separate Paypal
accounts, but tied to the same email account.

------
Raed667
If the links to the platform are legitimate, try (carefully) logging to one of
them and see if you can get more info on the person who created the account.

Did they leave other information on the platform: Name, number, login history?
Are they dummy accounts or are they really used by someone?

It may be an honest mistake.

------
ramtatatam
If you clicked on any hyperlink from that email then you can consider yourself
to be phished. You do not know what they wanted - was it your google account?
Or something else? You don't know, the only way to keep yourself safe is to
change all of your passwords.

~~~
passive
No, I made sure not to click anything, though I did check the raw message to
confirm the links were genuine (or at the right domain).

I've got 2FA enabled, and I checked my gmail access history and there are no
unusual locations or devices.

It's just very odd to me that this has continued, gradually, over a month.

------
serg_chernata
Maybe these are phishing emails? Just change your password and maybe enable
two factor authentication just to be safe.

