Hacking

1864 readers

1 users here now

This is the community for all things hacking and cybersecurity, try keeping it legal. That said I don't take any responsibility for anything that happens/comes from this group but I will try being the best mod that I can to prevent anything from happening.

founded 4 years ago

MODERATORS

[email protected]

Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen. (gist.github.com)

submitted 2 weeks ago by [email protected] to c/[email protected]

6 comments fedilink hide all child comments

cross-posted from: https://lemmy.dbzer0.com/post/36237226

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 8 points 2 weeks ago

The thing that's crazy is that if I followed the 2 "best practices" of verifying the phone number + getting them to send an email to you from a legit domain, I would have been compromised.

Since when was "verifying the phone number" a best practice? Phone number spoofing is still a thing and trivial to do, which is why the best practice is to call back once you verify the phone number matches whatever the company lists (or, preferably, call their main number).