Phishing Scam Help....anyone?

[Alyssa]

Hey there.  I just had the Google sign-in scam come from my landlord.....I know, of all people.  If I was to say....a complete effing IDIOT and gave my info. away (Gmail Address, PW and telephone #) but then quickly realised I had been had.  Do you think I'm okay by quickly changing my password?  ((knock on wood)) that nothing has changed so far.  I changed my password within 5 minutes and I'm still able to log in and out.  Should I do anything more?  I contacted my landlord and thanked her for the message.  I have also been telling people on my contacts list that I'm currently diseased and not to open random emails from me.  I also reported the message to Google, they have a report button for phishy emails.

I'm just sitting here at work feeling really shitty about all of this, I feel like a dumbass for falling for it.  Why would I give that info out?...and in order to recieve a message?  It acted like Google just wanted to verify who I was because I had never signed in with them on my computer.  That right there should have been a tip-off since I sign in to get my gmail every day on this computer.

TGIF....

[dr.girlfriend]

Aw, don't beat yourself up. The only thing I'm wondering is if there's a way for them to use your phone number for password recovery...but I think they'd have to be able to read a text from that number, right?

ETA:  Also, do you use that login and password for any other sites, especially financial ones?  Definitely change all of those as well.  Anything sensitive you have in your Drive docs, like tax forms or anything?  Not trying to scare you more, just trying to think through all the possibilities.

[Deleted]

Download the Google Authenticator app and set your password to 2-step verification. Then for every new device you sign in on, you'll need a code from your phone that changes once a minute. You get 10 printable codes in case your phone is stolen.

[Alyssa]

Thank you guys!