17 Comments
Getting Google actually on the phone (for Gmail no less) should have been the moment he knew better.
I’m interested to learn about the blog-writer’s method of reprogramming the phonecall AI.
[Archived version for those who don’t want to disable ad-block](https://archive.is/W1P9r).
Any source other than this guy’s paid blog space?
Lots of scary buzzwords for an article about a social engineering hack.
I got a call from “Google” last week and just assumed it was a scam, because why the fuck would Google call me.
It’s not a hack if you’re dumb enough to give someone that called YOU any sensitive information or passwords. That’s called taking advantage of a sucker.
Sadly, some people are not savvy enough to easily spot all the (to many of us) obvious scams. Even when a call is real it’s tough. To explain, a while back someone’s computer was able to generate and use, coincidentally, my wife’s credit card. The bank immediately called and it took some convincing on their part to get my wife to believe it was truly her bank calling and not a scammer. All ended well with no losses to us or the bank. Now, if only everyone was so hyper suspicious of these scams, they might end. Oh, and unicorns will trot down main street.
I’m no words guy, but I think Forbes meant to use ‘pretending’ instead of ‘pertaining’ when they say the hacker was “pertaining to be from Google”.
This was attempted on me last week.
Got a push notification in the YouTube mobile app asking if I recognized a Google login from across the country on Linux.
Declined, then it said “your password wasn’t used for this log in” which only increased my anxiety (how the hell does someone trigger a password-less login attempt confirmation to my phone?)
So now I’m wondering if my Google account is compromised, what devices may be compromised, what collateral impact of a compromised Gmail means for any other accounts using the email.
Should I change my password? If my device is compromised, won’t that just give them the new password? What if it’s fake, and it’s some ruse to get me to change the password, and easily expose the new password, ensuring the account is compromised?
I decide to log into my Google account anyway. Everything seems fine, no suspicious activity. But… where’s the failed login attempt that generated the mobile push notification? And again, how does a password-less login attempt generate a push notification to my phone? I’m not using passkey or anything password-less.
I change my password anyway, out of an abundance of caution.
Then I get a phone call, from Google Assistant. Which I can immediately tell is probably not Google support. I don’t pick up. My earlier questions remain.
After some googling and Reddit searching, apparently you can trigger such a warning via account recovery. Not sure if true but seems plausible. No interest in testing because I don’t want to accidentally get anything locked.
The whole experience was awful and could have been worse if I answered the call, was less calm, or not as tech savvy. A lot of it is just poor UX from Google, starting with the push notification and vague explanation about it.
What a shit article.
So some guy received a bogus verification email followed by a bogus call? Don’t answer the call, Google is never going to fucking call you.
Headline makes it sound like AI found some actual vulnerability exploit.
Love that the author caps it off with:
> It’s well worth reading the original blog from Mitrovic as it contains much more technical detail and detective work that I don’t have the space to cover in this report.
“I don’t have the time, space, or probably even the understanding to explain more but hey they used an AI voice so let’s get an article going!!”
This will just keep happening until “ai” is removed.
And people wonder why I don’t answer my phone.
Don’t AI-written articles use caps for each word?
Is it me or is the title gibberish? Sounds like someone took random words and pasted them together.
Looks like my paranoia has been serving me well then.
For the purposes of me giving out info, nobody who calls me is legitimate. I will find your number on your company’s official website and initiate contact through publicly known official channels; you can verify my identity when I call you if needed. If I can’t get back to you directly, then a CS agent should be able to tell me something is up with my account.
Email sender addresses can be spoofed or made to look *similar* to the real address. Verify all hyperlink domains manually, or better yet just log in the normal way and go from there.
This attack would not have fooled me.
Aren’t the stolen passwords encrypted?