February 3, 2025

Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen


  • A new phishing scam has targeted a Google programmer
  • The attack was worryingly convincing, and has made Google tighten defenses in response
  • Not sure how to spot a phishing scam? Follow our tips

A new ultra-realistic phishing scam reported by a Google programmer could make a lot of us a little uneasy.

Zach Latta warned in a recent blog post, “Someone just tried the most sophisticated phishing attack I’ve ever seen. I almost fell for it. My mind is a little blown.”

Starting with a phone call from the Caller ID ‘Google’, this phishing attempt was enough to bring a Google programmer within one button press of disaster – here’s what we know so far.

A convincing story

On the other side of Latta’s phone call, which came from a genuine number associated with Google Assistant calls, was a ‘Google engineer’ called Chloe.

The connection was ‘super clear’, with Latta noting that the scammer had an American accent. The caller claimed to be from Google Workspace and asked if he had recently attempted to log into his account from Frankfurt, Germany.

From there, the programmer asked if ‘Chloe’ could confirm this by emailing from an official Google email. Worryingly, the scammer obliged, and sent Latta an incredibly official-looking email with a case number.

Not only was the email sent, but it was sent from the address ‘workspace-noreply@google.com’, and related to his ‘password for important.g.co’, which the attacker claimed was an internal Google subnet. This is important, because even our own TechRadar phishing advice identifies this as a serious indication of risk.

But g.co is an official Google URL – which is confirmed by Google and even has its own Wikipedia page. Latta, being a tech worker, knew to verify the phone number, so Googled the number – and was encouraged to do so by the scammer, who advised him to quote his case number if he called. The number is listed on google.com pages, which was enough to placate Latta.

The scammer was encouraging Latta to carry out a ‘sessions reset’ on his device, which rang alarm bells for the programmer. The scam’s first stumbling block came when Latta checked his Google Workspace logs himself, and of course, didn’t find any suspicious activity.

When pressed, the scam began to unravel – with the attacker transferring to a manager who further encouraged Latta to log out from all devices and reset his password. Shockingly, the scammer was able to provide the genuine MFA code that was sent to Latta, which, if entered, would’ve given the attackers access to Latta’s account.

Thankfully, Latta was able to spot the red flags and by this point, was already suspicious enough to avoid handing his account over – but the scammer got close, Latta admitted.

“Literally 1 button press from being completely pwned. And I’m pretty technical!”

This particular attack has made Google up its defenses in response.

“We’ve suspended the account behind this scam, which abused an unverified Workspace account to send these misleading emails,” a Google spokesperson told TechRadarPro.

“We have not seen evidence that this is a wide scale tactic, but we are hardening our defenses against abusers leveraging g.co references at sign up to further protect users.”

Google also reiterated: “Google will not call you to reset your password or troubleshoot account issues.”

The news follows a trend of cybercriminals deploying smarter and more frequent attacks, in part enabled by the advent of AI. This particular scam even bypassed MFA and used a legitimate Google domain, so even the most tech-savvy among us should be on the lookout.

Escaping phishing attacks

What’s concerning about this scam in particular is that it has found workarounds for some of the classic tell-tale signs of a scam. As Latta said,

“The thing that’s crazy is that if I followed the 2 “best practices” of verifying the phone number + getting them to send an email to you from a legit domain, I would have been compromised.”

Checking the legitimacy of the email and phone number is pretty much the first recommendation for any unexpected communications – and that’s still good advice, but clearly it will only filter out the lower level attacks at this point. If you’re not sure what exactly a phishing attack is, we’ve put together an explainer.

That said, remaining suspicious of any and all unknown communications, especially those urging action, really is the best defense against phishing attacks.

In the kindest way possible, it’s unlikely you’re important enough for Google to be concerned enough to call you about your personal email account – so be very wary of anyone reaching out to you out of nowhere.

A Google spokesperson told TheRegister, “As a reminder, Google will not call users to reset their passwords or troubleshoot account issues, so feel free to treat any incoming calls as the garbage they are.”

Look out for any obvious markers, like bad spelling or grammar – and be mindful of which organizations would already know your name – it’s unlikely your bank would start an email with ‘Dear customer’.

Alongside that, avoid clicking any links on emails from people you don’t know, and don’t open attachments or scan QR codes either. If you’d like more detail, take a look at our full phishing defense and how to stop it.

Another layer of defense against scams is using the best identity theft protection, which can help if you do accidentally click the wrong thing.


This article is written by: Nermeen Nabil Khear Abdelmalak
