The call would have ended the second they they told me they're from Google.
Google does not call you.
this post was submitted on 24 Jan 2025
21 points (100.0% liked)
Hacking
1864 readers
1 users here now
This is the community for all things hacking and cybersecurity, try keeping it legal. That said I don't take any responsibility for anything that happens/comes from this group but I will try being the best mod that I can to prevent anything from happening.
founded 4 years ago
MODERATORS
I guess that depends. On GitHub it sounds like the victim is a paying customer of Google Workplace, not just some free account. I had similar genuine calls from hotels, credit card companies, an ISP, my electricity provider etc.
So yes, there are some signs that might make you suspicious, but I guess we agree that this was not just a regular everyday scam but a pretty professional, well-prepared and possibly targeted attack.
Anytime this happens, hang up and call a known company support number
The thing that's crazy is that if I followed the 2 "best practices" of verifying the phone number + getting them to send an email to you from a legit domain, I would have been compromised.
Since when was "verifying the phone number" a best practice? Phone number spoofing is still a thing and trivial to do, which is why the best practice is to call back once you verify the phone number matches whatever the company lists (or, preferably, call their main number).