A sophisticated phishing attack targeting a Google programmer has raised security concerns. The incident has prompted Google to strengthen its cybersecurity measures.
The attack, which nearly succeeded, involved a highly convincing phone call and email.
The scam began when the programmer received a call from what appeared to be a legitimate Google number. The caller, posing as a Google engineer, claimed to be investigating an unauthorised login attempt from Frankfurt, Germany. To make the attack more credible, the scammer sent a professional-looking email from an address resembling a legitimate Google domain. The email contained a case number and a request to reset the programmer’s password.
The phishing attempt was meticulously crafted. The email originated from ‘workspace-noreply@google.com’ and referenced an internal Google subdomain, ‘important.g.co’. The use of a real phone number and an official-sounding voice made the attack seem authentic. The scammer even provided step-by-step instructions on how to proceed, making it all seem legitimate.
Despite these convincing elements, the programmer grew suspicious. He checked his Google Workspace logs and found no unusual activity. The scammer escalated the situation by introducing a supposed ‘manager’ and providing a multi-factor authentication (MFA) code to further deceive him. However, recognising red flags, the programmer refrained from entering the code, preventing a security breach.
Following the incident, Google took swift action. The fraudulent account linked to the scam was suspended. Google also reinforced its security measures to prevent similar attacks. The company reiterated that it never calls users to reset passwords or troubleshoot account issues. While Google has not identified this as a widespread threat, it has taken steps to prevent phishing attempts that exploit official domains such as g.co.