The attackers disguise their attacks by using Google's official phone number and the g.co subdomain. They pretend to be representatives of the company and try to steal user data.
Cybersecurity expert Zach Latta, founder of Hack Club, encountered a sophisticated phishing scam. He received a call from the number 650-203-0000, which is officially used by Google Assistant for robocalls. A woman who identified herself as a Google employee named Chloe reported an unauthorized login to his account from Frankfurt and offered help.
To confirm the authenticity of the call, Latta asked for an official letter. Soon, he received a message from the g.co subdomain owned by Google. The letter looked completely authentic and passed all security checks (DKIM, SPF, DMARC).
The attackers claimed that his account had been compromised due to a malicious Chrome extension. They also provided fake LinkedIn profiles that supposedly confirmed their affiliation with Google. The culmination of the scam was an attempt to force Latta to enter one of the verification codes that were sent to his phone. In fact, these codes could have given hackers access to his account.