A recent phishing incident has highlighted a worrying weakness: scammers can exploit legitimate services to deceive victims. Software engineer Zach Latta, the founder of Hack Club, shared his experience on GitHub after receiving a call and an email from scammers impersonating Google support. The attack is particularly concerning because it used Google’s official phone number and a Google subdomain, which made the scam appear highly credible.
The scam began with a call from a number listed on Google’s support website, the number Google Assistant uses for automated calls about bookings and inquiries. Latta was initially contacted by a person named Chloe, who claimed to be from Google Workspace support and told him that his account had been blocked due to suspicious login activity from Frankfurt, Germany. The call was convincing: the connection was clear and the caller had an American accent, so it appeared legitimate.
Suspicious, Latta requested confirmation via email. To his surprise, the scammers followed through and sent an email from the official Google subdomain “g.co”, which is used exclusively by Google for its services. The email passed all standard email authentication protocols, making it indistinguishable from a legitimate communication. The attackers even claimed that his account had likely been compromised through a Chrome extension and tried to convince him to enter a code that would have granted them access to his account.
Latta was able to recognize the scam before falling victim, but his experience highlights a serious concern. If he had followed the common “best practices” of verifying the phone number and waiting for a legitimate email, he could have been easily compromised.
Google has not yet addressed this specific incident. According to Cybernews, experts speculate that the attackers may have exploited Google account credentials to gain access to certain features and bypassed multi-factor authentication to maintain control over the account. Users are urged to remain vigilant when receiving unsolicited calls or emails and to report any suspicious activity to Google’s security team.