JakobFel: They're swamped with support requests, not attacks. I'd recommend running a virus scan immediately and after that, change your GOG password (even if the scan doesn't pick up anything). Furthermore, it wouldn't hurt to change the password you have on the email linked to your GOG account, just to be on the safe side. Definitely run the virus scan first, though, as if you have a keylogger, it'd just pick up whatever your new password is. Chances are it was an isolated incident (since it doesn't sound like your email was compromised) but it'd be better to be safe rather than sorry.
That's what I meant, that maybe they are swamped because many people are reporting these attempts. - But I guess it would be unusual not to have swamped support in these times, hah.
I specifically won't just do the things commonly kneejerk-advised because that might be part of the exploit attempt.
I also am quite IT-security aware, and whenever I had even the slightest suspicion that in the most unlikely case I had malware on my system, that was not the case.
This also is limited to GOG. No other 'attack vector'.
TT_TT_TT_TT: Well i guess checking
https://haveibeenpwned.com/ to see if your Email address was part of a recent leak.
Also would recommend to enable 2FA for your GOG account via
https://www.gog.com/account/settings/security - you can enable Two Step login there - then your account should be safe against unwarranted logins.
If your think your actual email address was compromised / hacked change the password from another device like your phone and check your PC/Laptop with a secondary Anti Virus like for example Malwarebytes.
In general actually i think GOG support wont be able to assist you that much with that matter as everyone having your email address could try to trigger a passwort reset if they guess you have a GOG account (so it can be pretty random and not part of another bigger activity)
That check website is pure cringe to me, and even something that bothers me way too often, keyword expert idiots. In their FAQ they keep talking about how very devoted they are to make every step of the process in the spirit of privacy protection and data security and then in most cynical tragicomedy they mention that they are using Google Analytics on their site!
And I have 2FA activated already, and kudos to GOG for doing it in a way that is actually feasible for everybody and not pushing/coercing for mo'bile - the effective global ReallD.
And GOG support should take these things seriously and at least look at the information gathered about the source of the attempt because this could be an attempted cybercrime, and having a general idea about where the attempt came from could be helpful in future security conduct on both ends.