Hacker News new | ask | show | jobs
by furyofantares 275 days ago
Yeah, that part doesn't add up. If the email was sent by the attacker, why did it have a code he needed to give the attacker?
2 comments
davidscoville 275 days ago
Yes, at least two emails. One was the spoofed email from legal@google.com (which sadly convinced me this was legit) and the other was a Google recovery code email.

The spoofed email was deleted by the attacker, but I have a copy because I forwarded the email to phishing@google.com (something ChatGPT told me to do). The attacker then deleted the original but when I got my account back an hour later, Google bounced back the email. So that is the copy I have and the headers are not super helpful.

link
blactuary 275 days ago
"(something ChatGPT told me to do)"

You're going to get hacked again

link
digianarchist 275 days ago
Any check mark?

https://www.thesslstore.com/blog/wp-content/uploads/2023/05/...

Edit: I searched my email and it doesn't look like they are doing this at all with their accounts.

Edit II: Looks like it's on hold: https://blog.kickbox.com/gmail-bimi-exploit-what-you-need-to...

link
furyofantares 275 days ago
That makes sense, thanks for the clarification.
link
thebytefairy 275 days ago
What was the process for getting your account back?
link
wmf 275 days ago
I think the attacker asked him to read an SMS code.
link