My wife had a phone call a few days ago from somebody saying he was "Windows Security" and asking her to do some things to "check security". She hung up.
They called back when I was home, from a number which said "Bermuda" and it seemed to be a boiler-room type operation with people who barely speak english working from a script.
Something is going on.
Regarding the "Gmail leak",
Mashable had an article with some good advice:
Should You Trust a Site to Check If Your Gmail Password Was Leaked?
In the wake of the latest leak involving 5 million Gmail addresses and (some) passwords, the advice was the same one we give in every situation like this: Change your password — especially if you re-use it on multiple services and websites.
But if you're checking to see if your email address and password is on the leaked list, beware of how you do it. You could get roped into another attack.
See also: The 25 Worst Passwords of 2013
In the frenzy to figure out whether this leak was very bad news — it wasn't as most passwords were old and not even Gmail ones — many people happily typed their email addresses into these sites. But, was that a good idea? Should we all trust a website (any website) with our email address just for the sake of checking if we have been hacked?
In this case, a website called IsLeaked was the most popular site that offered this service, and the one that pretty much every news story (including Mashable's) was pointing to.
Hours after it surfaced, James Watt, an IT professional, questioned the site's legitimacy by pointing out it had been created two days before the Gmail addresses leak. His main criticism missed the point. The site had been created after a similar leak earlier this week involving email addresses and passwords pertaining to Russian providers Yandex and Mail.Ru, according to IsLeaked's owner, who declined to give his or her name to Mashable.
But Watt stood by the main point he was trying to make.
"I strongly discourage giving your information to any third party that claims to check your security for you," he told Mashable.
The problem, he argued, is that you don't know who you're giving it to, and for all you know you might be sending your email to the same hackers who put out the list or someone else who is harvesting emails to sell them to spammers or get new, fresh email addresses to try to hack. Others on Reddit seemed to share his concern, and someone even created an open source "private" tool that checks the database of leaked emails without sending the address over to the site.
(snip)
In this case, Gmail actually said it forced the people whose password was indeed on the list ("less than 2%" of the 5 million), to reset their passwords. So there's actually no need to check if your email is on that list anymore. If you haven't heard from Google, you should be fine.
More at the link.
Personally, I use multiple email addresses. For web sites that demand an email address in order to allow you to register, I give them a throwaway address that I use only for such purposes, and for which I don't care if it's inundated with spam.