I received Gmail’s Confusing Security Alert last week too. It looked like a classic Phish. It took me some time to look over and authenticate and check my Google account settings back at the Google privacy and security panel. This email could easily be reproduced by scammers and sort of makes you wonder why Google would do it this way. Seems like Google shooting itself in the foot and inadvertently promoting phishing.
…The company told the security researcher … that the mailing was the result of months of experiments, and this version of the alert had the best engagement (meaning people actually opened and clicked it). There are no specifics in it because the company wanted to avoid giving hackers hints about what was wrong with the account, and the company concluded that the extra click required to get to the checkup was a security feature in this case. See the KnowBe4 blog article below.