g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  • Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.
  • They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.
  • I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in the email string. I asked why it said important.g.co and she said it was an internal Google subnet.

OK, so that can't be from a google.com email, right? It must be a spoofed email using g.co, which doesn't have DKIM / SPF turned on - right? Nope.

That's crazy. But to me the least believable part is that someone from Google would ever call me directly. I mean, have you tried talking to a real person at a tech company before?

reply

no

don't answer your phone

reply

I'm just waiting for the phone call from my dad telling me his Robinhood account got drained.

Probably time for me to call him with another reminder that anyone calling him for any reason is trying to steal from him.

reply
135 sats \ 6 replies \ @ek 24 Jan
The first evidence that it was a scam was that you received a call from Google support
reply

exactly

@nym considers himself or herself a privacy expert ... time to change your credentials otherwise it's misinformation and borderline fraudulent advertising

reply

I’m not selling anything

reply

privacy enthusiast

"I don't do Telegram"

you don't sell anything now that you have been humbled

reply

I had to mute my first person on SN unfortunately. I didn't realize they were a troll at first.

reply

I guess that first person is me

Do I win a prize?

Announcing that you are muting someone is a sign of mental illness

reply

deleted by author

And our scam radars are pretty alert but this is the scammers stepping up another level.

Scary for us

Disastrous for normies

reply

Here is the conclusion: Stop using google...lol

reply

That's just ridiculous—it gave me cold sweats just reading!

reply

Impressive. Because of my setup (SMS-only VoIP number) I can't get scams this way, but good to know that for average people it got this far.
A reply on the GitHub gist says it was likely using Google Assistant AI for the voice. An AI detecting AI scams could be a good business idea.

reply

What a scammy world it is becoming. Sometimes this panics me; what if I am next? 😂 But yeah, a major red flag here is that big FAANGs don't call you.

reply

I would suggest block-quoting the copy-pasted text so readers on SN don’t think this is your original content, but rather from the shared link

reply

IPs check though, so not sure.... call from them is a big red flag for me...

reply

Yeah, if any corporation calls me without me calling first or submitting a claim ticket of some sort, I hang up immediately!

reply

next time, wait 24 hours and see what happens

or sleep on it

I mean you are the self-proclaimed privacy expert

after all you don't use or trust Telegram but you trust random phone calls... how do you reconcile these contradictions? stupidity?

for someone who is so quick to dismiss Telegram with more than a hint of arrogance and condescension, you have zero excuse

send unrecognized calls to voicemail

Chloe is a stripper name

reply

Chloe is my cat's name you son of a bitch

reply