[GioM]

I don't get this part either.

if the scammers had spoofed the email, they would already have that code, and if they hadn't spoofed that email... I mean it looks like a case ID, why would they need it?

Maybe the reading back the code was to get buy in, then there's a missing step here like they had him hit "allow" on a 2fa prompt. Or maybe the email was legit, since it references a "temporary code" and the case ID allowed access with that code?

Good chance my reading comprehension is shot and I'm missing something, I suppose, but I don't understand.

[ajross]

> Good chance my reading comprehension is shot and I'm missing something, I suppose

That's more charitable than me. My UnreliableNarrator sense is tingling really badly here.

[GioM]

Ah, I think I get it. Article says:

> In the Gmail app on iOS, it looked completely legitimate — the branding, the case number, everything. Even the drop-down still showed “@google.com.”

> So when he asked me to read back a code — supposedly to prove I was still alive — in a moment of panic, I did.

The sentences do not refer to the same thing.

The code was not in the email... The narrator was asked to read back "a code" not the case ID in the email. "A code" here referes to a 2fa push notification code. The email was used to rattle the narrator / build trust to get them to comply.

[vehementi]

Yes, that is how I read it as well. Email was just for fun, and the code came by a different channel (of course). The email the scammer sent wouldn't contain a code they can use to take over his account (of course).

[phendrenad2]

Oh, the fake email also contains a code, so I thought that was it.

[phendrenad2]

I came to the comment section to see if anyone had (1) noticed this omission and (2) explained it. I see we're at 1 still...