I got the same e-mail today and mine was indeed from Google. I Googled this e-mail to find info on other's experiences with this issue and this was
one of the first results. After reading this thread I thought I'd provide some tips as to what to do since this was one of the first results in case
this happens to someone else.
1) If you're reading the e-mail you're likely in your G Mail account already so you can goto the bottom right of the page and click on the activity
details link. If you see activity in a red row the e-mail is likely legit and there is a possible threat to your account. The activity details opens
in a new window so you may have to disable pop up blockers to view it, but don't forget to re-enable them.
2) Run a virus scan, a full scan is preferred but a quick scan should catch anything that is currently running. This will make sure your system isn't
compromised, which if it were it wouldn't matter if you changed your password as they'd likely have your new one as well until you got your computer
malware free. In my case I was not infected, but you should always do this in situations like this to be safe.
3) In my case the info in the e-mail from Google was;
Tuesday, January 15, 2013 9:01:57 AM UTC
IP Address: 126.96.36.199 (119247022124.ctinets.com.)
Location: Hong Kong
So I went to my firewall and added the IP address to a black list (in Windows Firewall create inbound and outbound rules in the advanced settings to
block connections) to prevent my PC from sending or receiving info the IP address. I did this for two reasons, I don't know this IP so I have no need
for my PC to talk to it and there's always the chance you're infected with an unknown piece of malware so I prefer to just block that IP from my PC
4) Goto the top right and click on your name or profile picture than click on Account. On the Account screen click on Security and change your
password AND security question. While here double check your recovery phone number as well as the recovery e-mail to ensure they have the correct
info. The shift key being a "ghost key" isn't really correct, most key logging software can record it's use as something like
Shift-Hold/Shift-Release. But using upper and lower case letters as well as numbers and if allowed special characters (ex. # or $) and making your
password atleast 8 characters long makes your password ALOT harder to crack.
This should help secure your account and hopefully you won't get messages like that any more. FYI even if it appears to be a legit e-mail you should
never click links in e-mails like these, not only is there a chance that the page you goto is a phishing page that wants you to log in on that page
and they steal your log in info at that time using the fake log on page, but it's also possible using vulnerabilities in things like Java, Adobe
Flash, Adobe Acrobat Reader, Microsoft Silverlight, ect... a malicious page can cause a piece of malware to infect a computer just by visiting a page
with no farther user interaction. Up to date OS with patches, up to date software, and an up to date antivirus program that actively watches over your
computer will reduce the risk of this happening however.
edit on 15-1-2013 by halfdead because: (no reason given)