u/DiamondBagel444

My fiancé has been hacked or heavily targeted on his Gmail and we are completely losing our minds trying to figure out what is real and what isn’t.

First and foremost: yesterday he received an email saying his Google account was compromised, followed shortly after by a phone call from someone claiming to be Google support. We now know it was a scammer impersonating Google, but at the time he didn’t know. He owns multiple businesses and gets a ton of calls daily, so nothing immediately seemed off and it looked/sounded legitimate.

Fastf orward to this morning, someone also attempted to access his bank account and reset his password, and someone later called a crypto company associated with him and attempted a password reset there too (thankfully they stopped it).

Since then, for the past half day straight, his Google account keeps showing new Windows sessions/passkeys and devices in locations like Ohio, Idaho, Nebraska, etc. — even though he only uses Mac + iPhone and owns no Windows devices at all.

The weird part:

• We sign out/remove one → another immediately appears
• One disappears and another replaces it
• Fresh timestamps keep generating
• They say
  • "Created automatically by Android"

We have already:

• Changed the password multiple times
• Signed out of all devices
• Reset 2-Step Verification
• Removed passkeys/devices repeatedly
• Checked recovery info
• Cleared browser cache/data
• Spent 2 hours with Geek Squad at Best Buy (they were completely stumped)

We've since created a new Google account and changed the email on all his secure banking sites.

Also incredibly frustrating: Google has been no help whatsoever. After several calls, we were basically told to just post in the Gmail Community Help Center, which feels insane given the situation.

At this point we’re trying to figure out: real compromise, weird Google/Android passkey sync issue, or something else entirely?

Has anyone seen "Created automatically by Android" repeatedly generate Windows devices/passkeys before? Or are scammers just getting that much better with AI automations/account takeovers?

Any insight would be appreciated because we are absolutely exhausted.

My fiancé and I are completely losing our minds and hoping someone has seen this before.

He only uses Mac + iPhone — no Windows devices at all. Let alone ones in random states...

This started after he got an email saying his Google account was compromised and then received a phone call from “Google.” We now realize it was a scammer, but at the time he didn’t know. He receives so many calls a day as a guy who owns multiple businesses and the attempt looked/sounded legit.

For the past half day straight, his Google account keeps showing new Windows sessions/passkeys in locations like Ohio, Idaho, Nebraska, etc.

The weird part:

• We sign out/remove one → another immediately appears
• One disappears and another replaces it
• Fresh timestamps keep generating
• Some say:
  • "Created automatically by Android"
  • "Chrome on Windows"
• Some eventually show Signed out

We have already:

• Changed the password multiple times
• Signed out of all devices
• Reset 2-Step Verification
• Removed passkeys/devices repeatedly
• Checked recovery info
• Cleared browser cache/data
• Spent 2 hours with Geek Squad at Best Buy (they were completely stumped)
• We've since created a new Google account and changed the email on all his secure banking sites

To make things more concerning, someone also called a crypto company associated with him and attempted a password reset there which they stopped.

At this point we’re trying to figure out: real compromise, weird Google/Android passkey sync issue, or something else entirely?

Also incredibly frustrating: Google seems to have basically no support whatsoever for situations like this. We've spent half the day trying to secure the account and there doesn't seem to be any direct way to actually get help.

Has anyone seen "Created automatically by Android" repeatedly generate Windows devices/passkeys before? Or are these scammers just getting that much better through AI automations, etc.?