A recent phishing attack on programmer Zach Latta has raised alarms and prompted Google to tighten its defences. Latta described the attack, reported by TechRadar, as “the most sophisticated phishing attempt” he had ever encountered, and he very nearly fell for it. It began with a phone call from a number that appeared to belong to Google, and the caller, posing as a Google engineer, came close to tricking Latta into handing over access to his account.
The phishing attempt started with a phone call from a ‘Google’ number, with the scammer posing as an engineer named Chloe. The caller claimed to be from Google Workspace and asked Latta if he had attempted to log into his account from Frankfurt, Germany.
To gain Latta’s trust, the scammer sent a highly convincing email from an official-looking Google address, quoting a case number and asking him to reset his password. Despite convincing details such as a legitimate-looking Google URL, Latta became suspicious and ultimately did not fall for the scam. Google has since responded by tightening its defences.
A convincing phishing story
The phishing attempt was particularly convincing because the scammer called from a number listed as Google’s and followed up with a well-crafted email. The email appeared official: it came from a valid Google domain, ‘workspace-noreply@google.com’, and linked to ‘important.g.co’, a subdomain of Google’s own g.co domain.
The real phone number and a professional-sounding caller made the attack seem credible. Latta, a tech professional, followed best practice by verifying the number, and the scammer even walked him through what would happen next. However, after checking his Google Workspace logs and finding no record of the suspicious login, Latta began to suspect that something was off.
The scammer’s persistence, including escalating the call to a ‘manager’ and sending Latta a multi-factor authentication (MFA) code while pressing him to enter it, nearly led to disaster. Fortunately, Latta recognized the red flags in time and did not enter the code, which would have handed the attacker control of his account.
Google’s response to the attack
In light of this attack, Google has responded by strengthening its defences. A spokesperson confirmed that the account behind the scam had been suspended, and measures are now being put in place to better protect users from similar attacks.
Google emphasized that it will never call users to reset passwords or troubleshoot account issues, directly addressing one of the tactics used in this scam. While Google stated that no evidence suggests this is a widespread tactic, it has bolstered its systems to prevent the exploitation of official Google domains like g.co for phishing purposes.
Protecting yourself from phishing scams
This phishing attempt highlights the growing sophistication of cybercriminals, with even the most tech-savvy individuals at risk. As Latta pointed out, checking that a phone number or sender address really belongs to Google is no longer enough on its own, because this attack was routed through a genuine Google number and a Google-sent email. Phishing scams are evolving and often bypass the classic tell-tale signs such as poor grammar or suspicious links. The best defence is to treat any unsolicited communication with caution, especially one that asks you to take immediate action.
To protect yourself, never read out or enter a verification or MFA code in response to an unexpected call or email: Google will not phone you to reset a password, and a code that arrives while someone is on the line with you is being used against you, not for you. If a message claims there is a problem with your account, hang up or close it and go to the account directly through the official app or site rather than through any link or number you were given. Avoid clicking links or opening attachments from unfamiliar sources, and bear in mind that a sender address and signatures that check out only prove where the mail came from, not that you asked for it. Identity theft protection services can add a further layer of defence. As phishing tactics continue to evolve, staying vigilant remains the best defence against falling victim to these increasingly sophisticated scams.
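As an added illustration of which of these checks can and cannot be automated, the Python script below (example code written for this page, not code from the article, TechRadar or Google) triages a constructed e-mail modelled on the two details the article reports, the sender address workspace-noreply@google.com and the link host important.g.co; the recipient, subject, body wording and Authentication-Results line are invented for the sample. The list of hosts from which genuine recovery links are expected, and the list of action phrases, are assumptions. The point it makes is that the sample passes SPF and DKIM and comes from a google.com address, so the sender checks people rely on all succeed; what remains is that the mail asks for an account action and links to a host you did not expect, and the decisive question, whether you initiated the request, is one no script can answer for you.

```python
"""Triage helper for an unexpected account-security e-mail.

Added example: this is not code from the article or from Google. It shows the
checks that can be automated (sender domain, SPF/DKIM results, link hosts,
reset/code language) and why passing them is not enough: a message that
genuinely originates from the sender's own mail system still passes SPF and
DKIM, so the decision rests on whether YOU initiated the request.
"""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Constructed sample, modelled on the two details the article reports (sender
# address and link host). Recipient, subject, body and the Authentication-Results
# line are invented for illustration; this is not the real message.
SAMPLE_EML = b"""From: Google Workspace <workspace-noreply@google.com>
To: user@example.com
Subject: Action required: reset your password
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=google.com; dkim=pass header.d=google.com
Content-Type: text/plain; charset=utf-8

A sign-in attempt was detected. Reset your password here:
https://important.g.co/reset
"""

# Assumption: hosts from which you expect genuine account-recovery links.
# Matching is on the exact host, so a subdomain of a Google apex is not trusted.
EXPECTED_LINK_HOSTS = {"accounts.google.com", "myaccount.google.com"}

# Assumption: phrases that indicate the mail wants you to take an account action.
ACTION_PHRASES = ("reset your password", "verification code", "confirm your identity")


def parse_eml(raw: bytes):
    """Parse raw RFC 5322 bytes into an EmailMessage with typed headers."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def sender_domain(msg) -> str:
    """Domain of the first From: address, lower-cased."""
    return msg["from"].addresses[0].addr_spec.rsplit("@", 1)[1].lower()


def auth_results(msg) -> dict:
    """spf/dkim/dmarc verdicts parsed out of the Authentication-Results header."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


def body_text(msg) -> str:
    """Decoded text of the preferred body part, or '' if there is none."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def link_hosts(msg) -> list:
    """All distinct hostnames linked from the body, sorted."""
    urls = re.findall(r"https?://[^\s<>\"']+", body_text(msg))
    return sorted({urlparse(u).hostname for u in urls if urlparse(u).hostname})


def triage(raw: bytes) -> dict:
    """Run the automatable checks and return findings plus a verdict."""
    msg = parse_eml(raw)
    auth = auth_results(msg)
    authenticated = auth.get("spf") == "pass" and auth.get("dkim") == "pass"
    hosts = link_hosts(msg)
    text = (str(msg["subject"] or "") + " " + body_text(msg)).lower()
    findings = []
    if any(p in text for p in ACTION_PHRASES):
        findings.append("asks you to reset a password or handle a code")
    unexpected = [h for h in hosts if h not in EXPECTED_LINK_HOSTS]
    if unexpected:
        findings.append("links to unexpected host(s): " + ", ".join(unexpected))
    # Authentication passing is recorded but never clears the message: a reset
    # mail an attacker triggered through the real service is still authentic.
    verdict = "do not act from this message" if findings else "no automated findings"
    return {"sender_domain": sender_domain(msg), "authenticated": authenticated,
            "link_hosts": hosts, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports sender_domain google.com and authenticated True, and still returns "do not act from this message" because of the reset request and the unlisted link host. Keep the expected-host set tight and exact: a link on a Google-owned domain is not the same thing as a link to the page where you would normally manage your account.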