https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4
Google is fortifying its security measures following a recent, elaborate voice phishing attack documented by programmer Zach Latta.
Latta, founder of Hack Club, detailed a close call he had with scammers who attempted to hijack his Google account through a series of tactics that bypassed traditional security measures.
The scammers, posing as Google Workspace support staff, contacted Latta claiming to have detected a suspicious login attempt. They used a phone number associated with Google Assistant calls and a seemingly legitimate “Google” caller ID. Additionally, a password reset email was sent from a genuine Google Workspace address, making the scam highly convincing.
However, Latta remained cautious and ultimately identified inconsistencies in the scammers’ story. Notably, one scammer contradicted another on details, and when he asked to call them back, the scammer’s unfazed reaction was itself a red flag.
This incident exposes a critical weakness: attackers could create Google Workspace accounts on unverified g.co subdomains, which let them send password reset emails that appeared to originate from Google itself.
Google has acknowledged the issue and is taking steps to bolster its defenses against such scams. They have suspended the account used in this attempt and are working to prevent attackers from exploiting g.co subdomains during registration.
The Latta case serves as a stark reminder to be wary of unsolicited calls, even if they appear to come from legitimate sources. Users should never provide sensitive information over the phone and should be extra cautious about emails originating from unverified senders.
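The two points above (a reset email that looks like it comes from Google, and the advice to treat mail from unverified senders with care) come down to a handful of checks a mail filter or a security team can apply to an unexpected password reset message. The script below is an added example, not part of the gist or of Google's tooling: it parses a raw message with Python's standard `email` library, reads the receiving server's `Authentication-Results` header for SPF/DKIM verdicts, requires the sender domain to match an allowlist exactly (so a `g.co` subdomain is not accepted just because it looks Google-ish), checks DKIM alignment, Reply-To mismatches and link hosts, and finally records whether the user actually asked for a reset. The allowlist, the header names and both sample messages are constructed for this example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Exact sender domains accepted for account-security mail.
# Constructed allowlist for this example; use your own tenant's list.
TRUSTED_SENDER_DOMAINS = {"google.com"}


def _domain(addr):
    """Lowercase domain part of 'Name <user@host>' ('' if absent)."""
    _, address = parseaddr(addr or "")
    return address.rpartition("@")[2].lower()


def _auth_results(msg):
    """Collect spf/dkim verdicts and the DKIM signing domain from
    Authentication-Results headers written by the receiving MTA."""
    verdicts = {"spf": None, "dkim": None, "dkim_domain": None}
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bspf=(\w+)", hdr)
        if m:
            verdicts["spf"] = m.group(1).lower()
        m = re.search(r"\bdkim=(\w+)", hdr)
        if m:
            verdicts["dkim"] = m.group(1).lower()
        m = re.search(r"header\.d=([\w.-]+)", hdr)
        if m:
            verdicts["dkim_domain"] = m.group(1).lower()
    return verdicts


def assess_reset_email(raw, user_requested_reset):
    """Return {'suspicious': bool, 'findings': [...]} for a raw RFC 5322 message.
    user_requested_reset is the out-of-band fact that no header can supply."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = _domain(msg["From"])
    auth = _auth_results(msg)

    # Exact match only: 'anything.g.co' or 'google.com.example' is not trusted.
    if from_domain not in TRUSTED_SENDER_DOMAINS:
        findings.append(f"sender domain {from_domain!r} is not an exact trusted domain")
    if auth["spf"] != "pass" or auth["dkim"] != "pass":
        findings.append("SPF/DKIM did not both pass")
    # A valid DKIM signature from an unrelated domain is still a mismatch.
    if auth["dkim_domain"] and auth["dkim_domain"] != from_domain:
        findings.append("DKIM signing domain does not align with From domain")
    reply_domain = _domain(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To points to a different domain ({reply_domain!r})")

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for host in re.findall(r"https?://([\w.-]+)", text):
        h = host.lower()
        if not any(h == d or h.endswith("." + d) for d in TRUSTED_SENDER_DOMAINS):
            findings.append(f"link to untrusted host {h!r}")

    # Even a header-perfect message is suspect if nobody asked for a reset.
    if not user_requested_reset:
        findings.append("reset was not initiated by the user; treat as unsolicited")
    return {"suspicious": bool(findings), "findings": findings}


# Constructed sample: a reset mail that passes every header check.
SAMPLE_EXPECTED = (
    "From: Google <no-reply@google.com>\n"
    "To: user@example.com\n"
    "Subject: Password reset\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=google.com;"
    " dkim=pass header.d=google.com\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "You requested a password reset: https://accounts.google.com/reset\n"
)

# Constructed sample: a Workspace tenant on a g.co subdomain, fully authenticated,
# which is exactly why an exact-domain allowlist matters.
SAMPLE_UNSOLICITED = (
    "From: Google Workspace <support@example-subdomain.g.co>\n"
    "Reply-To: helpdesk@example-support.net\n"
    "To: user@example.com\n"
    "Subject: Suspicious login detected\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example-subdomain.g.co;"
    " dkim=pass header.d=example-subdomain.g.co\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Confirm your identity: https://example-subdomain.g.co/verify\n"
)

if __name__ == "__main__":
    for name, raw in (("expected", SAMPLE_EXPECTED), ("unsolicited", SAMPLE_UNSOLICITED)):
        print(name, assess_reset_email(raw, user_requested_reset=(name == "expected")))
```

The last check is the important one for this incident: the reset email Latta received came from a genuine Google address, so sender and authentication checks alone would have passed, and the decisive signal is whether the reset was requested at all. The exact-domain allowlist is what stops a subdomain of `g.co` from being waved through on the strength of valid SPF and DKIM.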
This incident also highlights the evolving nature of phishing tactics and the need for continuous vigilance and security improvements.