Phillip VuchetichMay 20

Question: I have an older relative whose Google account is compromised (phishing email from a known person whose account was also compromised, entered google password in a popup window). I walked them through going to the Google account page to change the password, but Google is preventing password reset for up to 72 hours, and won't even allow "forgot password" process to work. The actor appears to be actively emailing contacts with the same phishing email and replying to inbound emails. Any idea how to secure a personal google account when it won't let you change the password?

Separately, what is the recommended password manager for an iPhone for a non-techie person? I don't have an iPhone, so I can't directly evaluate the options.

Show threadQuixoticgeekMay 20
@philvuchetich what happens if you add a 2fa code to the account and then force log out ?
Show threadPhillip Vuchetich

@quixoticgeek Thanks - This was one of the frustrating steps. She was logged in to the account, went to account management, password settings, was prompted to enter password, entered the password, entered the 2FA SMS code, then it gave a message that account recovery is locked for 72 hours. She wasn't specifically selecting account recovery at that time, and the only links are "why is recovery delayed" and "learn more...".

I am traveling, so this was all via her screen sharing. There is the possibility (IMHO likely) that malware is on the PC - the only active sessions were Windows 11 in the correct geographic location and iPhone (so the plan is to reinstall from Windows 11 USB when I am in town tomorrow). I didn't have her specifically end all sessions. Maybe if she can do that from the iphone and leave the PC off in case of malware.

May 20 at 12:50amWeb