Google account owner Zach Latta reported an attempt by hackers to hijack his account using real data from Google. The fraudsters successfully called Latta from a Google phone number listed on the official support site and sent an email from a legitimate-looking subdomain.
The attackers posed as Google Workspace support, claiming that Latta’s account had been blocked due to suspicious activity in Frankfurt. They even provided fake proof of their identity, including a LinkedIn account. However, Latta was able to recognize the scam when he realized that following two best practices could have saved him from being compromised: verifying his phone number and receiving an email from a legitimate domain.
Despite their efforts, hackers were unable to bypass multi-factor authentication, but they did gain access to important Google features and subdomains. It is unclear how the attackers obtained this data, but it’s speculated that they may have used partially compromised Google account credentials.
Google has not publicly commented on the case, but Latta shared his evidence with Cybernews. As a result, the incident serves as a reminder of the importance of security best practices and being cautious when interacting with unfamiliar individuals claiming to be from a trusted company like Google.
Source: https://itc.ua/en/news/fraudsters-used-a-real-phone-and-google-subdomains-in-an-attempt-to-steal-data