A few years ago I managed to get my parents away from using hotmail/skymail/some blueyonder email address and finally using Gmail, which at the time made a lot of sense given their various Google (Android) devices.
My Mum (bless her), phoned me last night to say she'd had a fair bit of cash spent fraudulently on her various online accounts. The passwords she was using were pretty strong and weren't the same between the two various shops used and thus I thought her email address and the 'forgot password' trick was the likely culprit (I think, although she didn't confirm that this password was very poor).
Following this she's a bit wary and thus I've pointed her at 2-step authentication which I thought would be the end of it. However, the initial pass-codes send via text message came from a number which her iFern 6s (bought as a refurb fairly recently [concerning at all?]) instantly recognised as Google. A few more came from this number but now they're coming from another that isn't being recognised as Google. I'm imagining the latter bit is not an issue but I thought it would be worth asking the great minds of UKB what they thought. Is she secure or does this still sound a bit fishy? What else should I be checking?
Thanks in advance.