What to do about Gmail Message [Attempt] Suspicious Sign-in Prevented ?

Received Email from Google stating Sign-in attempt prevented or Suspicious sign-in prevented. Causes could be failure of SMTP or Outlook authentication

If you have received a mail from Google stating that a ‘sign-in attempt prevented’ or ‘Suspicious sign-in prevented’ then someone might have attempted to sign-in using your ID or probably you might have tried signing to a 3rd party client or app like outlook which Google blocked due clients low-security standards. The mail may also come when trying to connect your Gmail servers using SMTP authentication.

Here are some solutions, discussions, fixes and analysis based on different conditions under which you may have got mail:

A Fake Mail Sent in the Name of Google

An email is being circulated which looks very convincing and official, like a notice from Google stating “Sign-in attempt prevented”. This has turned out to be a bogus mail, spotted by security researchers as a phishing attempt to get your account info. An example of  such a fake mail is shown below:

Fake Mail stating suspicious sign in

Fake Mail stating suspicious sign in

The mail is equipped with a Google logo and contains your email ID, the sender’s mail address that can deceive any user from considering it to be real, location details of the attemptee and a note stating that someone tried to sign in to your Google account. The mail also contains some links which when clicked will lead you to a domain that also looks like it belongs to the Google, and which sports a spoofed login page and some details related to your account.

And if you sign in using that page then the information you enter will be taken up by rouge to harvest your ‘Google account credentials’.

What to do ?

    1. In Gmail, open the suspicious message.
    2. Click the down arrow next to “Reply”.
      Reply drop-down arrow
    3. Select Report PhishingGoogle will look forward for further actions to be taken.
  • If you want to log in and change your password use original Google login page and change your password do not click on any link provided.

A Real Mail Sent by the Google

Google Sign in prevented mailGoogle Sign in prevented Google mail

The mail sent in the name of Google may be a legit one, so it is better to review your recent activity. Actually, it is a bit difficult to recognise and differentiate a spoof mail as it can be undiscerning to user. For example, a spoofer may use Greek ‘o’ instead Latin ‘o’ e.g example@google.com, it is difficult to differentiate. Google’s website states:

A spoof mail may ask for personal information like usernames, passwords, or other identification information, or send you to unfamiliar websites asking for this information.

Source: Google

What to do ?

To be on the safer side do not click on any links provided in the mail even if it seems to be legit. Open your Google account page in a new tab if you wish to make any necessary changes in your account.

Check for suspicious account activity

  1. Go to your Recent Activity page.
  2. Sign into your account.
  3. Review your recent activity and look for unfamiliar locations or devices. You can also click on any event in the list to see more details about it on the right.
  4. If you see any activity you don’t recognize, click Change password at the top of the page.
  5. Follow the steps to change your password.

Change your password to long, unfamiliar and complex type.

If you find something suspicious, report it as spam.


Gmail Rejecting SMTP Authentication as Suspicious Sign in

If you get an error “SMTP Error: Could not authenticate.” and on checking the mail box if you find an email stating “Suspicious sign in prevented” then follow the steps to fix the problem and get access to SMTP.

What to do ?

  1. First login to your Google Account.
  2. Click here and look for option called “Allow less secure apps”.

    Allow less secure apps

    Allow less secure apps

  3. Turn the option ON.

That is it you can now connect to Gmail mail servers using SMTP.

Note: Some apps and devices may not use modern security standards and are less secure, which could leave your account vulnerable.


Google blocking sign in attempt to 3rd party clients like Outlook

As promised by Google they started blocking Sign in for third party clients or services which do not meet their security standards. As these apps and devices are more prone to be attacked and easy to break through, Google prevents them from signing showing an error “Password incorrect”.

Some examples of apps that do not support the latest security standards include:

  • The Mail app on your iPhone or iPad with iOS 6 or below
  • The Mail app on your Windows phone preceding the 8.1 release
  • Some desktop mail clients like Microsoft Outlook and Mozilla Thunderbird

Source: Google

What to do ?

Update to more secure apps having modern security measures.

  1. First login to your Google Account.
  2. Click herescroll down and look for option called “Allow less secure apps”.
  3. Turn the option ON.

Now you can access your Google account for all third party clients like Outlook and Trillian.


Add an Extra Layer of Protection to your Google Account

You can put an extra layer of security to your Google account by adding security code and 2 step verification process.

1. Security code

This security code can be accessed from your Android Smartphone. Google will ask you for the code to make sure the user is authentic in cases where:

  • If you sign in from a new location or device.
  • If they suspect someone else might be trying to access your account.

To get security code

  1. Look for the app called Google settings in App drawer.
  2. Tap on it and look for option called Security under services option.
  3. Tap on security code and select the Google account to avail your code.

This code is only asked where Google’s system find something unusual behaviour with your account.

2. Two-Step verification

2-step verification process is much more secure. Just you need to register your mobile number with Google and each time you sign-in to a new device or software using Google account a PIN is sent to your phone which you need to verify. Thus, protecting your account from hackers.

Conclusion: I hope this post was helpful in clearing all your doubts & queries and putting forward to you some solutions and fixes. If you need any assistance please comment below.

If you've love and thoughts on our blog - What to do about Gmail Message [Attempt] Suspicious Sign-in Prevented ?, then feel free to drop in below comment section and share with your family and friends - Sharing is Caring. Cheers!

Nikhil A
Nikhil is a general internet nut and tech enthusiast who's never filled with enough. You'll usually find him on his Oneplus X watching movies, listening music or reading up on technology and crazy stuff. If for some strange reason, he's not on his phone, you'll find him studying or typing furiously on keyboard to write something.

Social Connect:

4 Responses

  1. Mariette says:

    I have been receiving a sign-in attempt prevented e-mail every single morning for the past 8 months. It looks similar to the example with the no-reply@accounts.google.com address. Every morning, I simply delete it and carry on with my daily task. I change my password on a regular basis and only use my laptop for e-mail. But what do I do to stop it? I cannot carry on like this for eternity?

  2. anh hop says:

    Thanks you very much for this article

  3. Mandila says:

    Many thanks really beneficial. Will share website with my buddies.

Leave a Reply

Your email address will not be published. Required fields are marked *