I think I was just the target of a fairly sophisticated phishing attempt.
Got a call from a toll-free number, answered it, it was somebody claiming to be from Google.
Said they were calling about a recent attempt to sign in to my account and a ticket to change my recovery address. I said that didn't sound right, guy on the phone said he was going to send me what they received.
I get an email, I don't look closely at it but it's an actual email from Google (1/?)
-
The guy says it looks like an OAuth app may have tried to do it and I think ok, yeah. I use "sign in with Google" all the time, there could be some rogue thing out there where maybe I granted more permissions than I should have or something.
The guy asks if I'm familiar with OAuth and I tell them I am, I've written apps that use OAuth before. He proceeds to give me a brief spiel anyway which I found odd.
So then I ask ok well can you tell me what app did it? He couldn't. (2/?)
-
That kind of set off alarm bells because I know from administrating Google Workspace that you absolutely can see what app did what. So red flag.
So then he says something about he can reset my OAuth token. Like it sounded like my account has 1 OAuth token, the way he presented it. Which isn't right.
So I say "ok well listen I can log into my account and disconnect from apps" and he said something about how it's better if they do it? (3/?)
-
So then I say look, the caller ID shows you're calling from a toll-free number and that's all it shows - I can't really verify if you're Google or not. I'll handle it. End the call.
So then I sit down and look at that email that came in while I was on the phone. It was an authorization code to add my account as a recovery to somebody else's account.
I'm guessing the next steps would have involved me giving that code to add my account as a recovery to somebody else's account (4/?)
-
Dude had my phone number, my name, sounded really nice and everything. Spoke professionally, no crackly audio from being in a cheap data center, nothing.
But also - since when does Google call you? And over trying to add a recovery address? The email itself says "if this doesn't look familiar just ignore it."
Scary stuff.