this post was submitted on 24 Jan 2025
20 points (100.0% liked)

Hacking

1881 readers
1 users here now

This is the community for all things hacking and cybersecurity, try keeping it legal. That said I don't take any responsibility for anything that happens/comes from this group but I will try being the best mod that I can to prevent anything from happening.

founded 4 years ago
MODERATORS
top 6 comments
sorted by: hot top controversial new old
[–] Dirk@lemmy.ml 12 points 4 weeks ago (1 children)

The call would have ended the second they they told me they're from Google.

Google does not call you.

[–] rbn@sopuli.xyz 5 points 4 weeks ago (1 children)

I guess that depends. On GitHub it sounds like the victim is a paying customer of Google Workplace, not just some free account. I had similar genuine calls from hotels, credit card companies, an ISP, my electricity provider etc.

So yes, there are some signs that might make you suspicious, but I guess we agree that this was not just a regular everyday scam but a pretty professional, well-prepared and possibly targeted attack.

[–] candyman337@sh.itjust.works 9 points 4 weeks ago (1 children)

Anytime this happens, hang up and call a known company support number

[–] taxon@lemmy.world 2 points 4 weeks ago (1 children)

Don't misdial or you might be connected to the 'savings line'

[–] candyman337@sh.itjust.works 1 points 4 weeks ago

Interesting

[–] Zikeji@programming.dev 8 points 4 weeks ago

The thing that's crazy is that if I followed the 2 "best practices" of verifying the phone number + getting them to send an email to you from a legit domain, I would have been compromised.

Since when was "verifying the phone number" a best practice? Phone number spoofing is still a thing and trivial to do, which is why the best practice is to call back once you verify the phone number matches whatever the company lists (or, preferably, call their main number).