I think I was just the target of a fairly sophisticated phishing attempt.
Uncategorized
5
Posts
1
Posters
1
Views
-
I think I was just the target of a fairly sophisticated phishing attempt.
Got a call from a toll-free number, answered it, it was somebody claiming to be from Google.
Said they were calling about a recent attempt to sign in to my account and a ticket to change my recovery address. I said that didn't sound right, guy on the phone said he was going to send me what they received.
I get an email, I don't look closely at it but it's an actual email from Google (1/?)
-
I think I was just the target of a fairly sophisticated phishing attempt.
Got a call from a toll-free number, answered it, it was somebody claiming to be from Google.
Said they were calling about a recent attempt to sign in to my account and a ticket to change my recovery address. I said that didn't sound right, guy on the phone said he was going to send me what they received.
I get an email, I don't look closely at it but it's an actual email from Google (1/?)
The guy says it looks like an OAuth app may have tried to do it and I think ok, yeah. I use "sign in with Google" all the time, there could be some rogue thing out there where maybe I granted more permissions than I should have or something.
The guy asks if I'm familiar with OAuth and I tell them I am, I've written apps that use OAuth before. He proceeds to give me a brief spiel anyway which I found odd.
So then I ask ok well can you tell me what app did it? He couldn't. (2/?)
-
The guy says it looks like an OAuth app may have tried to do it and I think ok, yeah. I use "sign in with Google" all the time, there could be some rogue thing out there where maybe I granted more permissions than I should have or something.
The guy asks if I'm familiar with OAuth and I tell them I am, I've written apps that use OAuth before. He proceeds to give me a brief spiel anyway which I found odd.
So then I ask ok well can you tell me what app did it? He couldn't. (2/?)
That kind of set off alarm bells because I know from administrating Google Workspace that you absolutely can see what app did what. So red flag.
So then he says something about he can reset my OAuth token. Like it sounded like my account has 1 OAuth token, the way he presented it. Which isn't right.
So I say "ok well listen I can log into my account and disconnect from apps" and he said something about how it's better if they do it? (3/?)
-
That kind of set off alarm bells because I know from administrating Google Workspace that you absolutely can see what app did what. So red flag.
So then he says something about he can reset my OAuth token. Like it sounded like my account has 1 OAuth token, the way he presented it. Which isn't right.
So I say "ok well listen I can log into my account and disconnect from apps" and he said something about how it's better if they do it? (3/?)
So then I say look, the caller ID shows you're calling from a toll-free number and that's all it shows - I can't really verify if you're Google or not. I'll handle it. End the call.
So then I sit down and look at that email that came in while I was on the phone. It was an authorization code to add my account as a recovery to somebody else's account.
I'm guessing the next steps would have involved me giving that code to add my account as a recovery to somebody else's account (4/?)
-
So then I say look, the caller ID shows you're calling from a toll-free number and that's all it shows - I can't really verify if you're Google or not. I'll handle it. End the call.
So then I sit down and look at that email that came in while I was on the phone. It was an authorization code to add my account as a recovery to somebody else's account.
I'm guessing the next steps would have involved me giving that code to add my account as a recovery to somebody else's account (4/?)
Dude had my phone number, my name, sounded really nice and everything. Spoke professionally, no crackly audio from being in a cheap data center, nothing.
But also - since when does Google call you? And over trying to add a recovery address? The email itself says "if this doesn't look familiar just ignore it."
Scary stuff.
-
undefined oblomov@sociale.network shared this topic on
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@dotstdy no
-
Current* conditions near Chicago, IL:
-
@uriel @EUCommission
time we don't have. fuck the fossil industry
-
@Anibyl So, Canadian history is everything that happened inside the current borders of Canada?
-
Bologna: assemblea nazionale “o re o liberta’”. il 28 marzo a roma manifestazione contro le destre
@anarchia
Oltre 2mila presenze e oltre 3mila persone collegate on line per 160 interventi in 2 giorni. Questi i numeri diffusi al termine dell’Assemblea Nazionale “O Re O Liberta’” che si è tenuta nel fine settimana a Bologna. Lanciata per il...
-
I found the #Mastodon bus!
-
Cos’è questa storia dell’ICE alle Olimpiadi Milano-Cortina...i cc li fanno inginocchiare
-
Leviticus di Adrian Chiarella, l'horror queer sulle teorie riparative che ha conquistato il Sundance
https://www.gay.it/leviticus-adrian-chiarella-horror-queer-teorie-riparative-sundance
> Un "fenomenale e avvincente debutto alla regia", nonché un "macabro punto d'incontro tra It Follows e Heated Rivalry".
