On June 19th, David Scoville received a call from someone claiming to be Google Support. The caller warned of an attempt to take over Scoville's account, complete with a fake death certificate. What sealed the deal was an email from "legal@google.com" that appeared legitimate in Gmail's iOS app.
The scammer convinced Scoville to share a verification code, granting access to his Gmail, Google Drive, and crucially, his Google Authenticator codes. Within 40 minutes, the attacker drained Scoville's Coinbase account of $80,000 in crypto (now worth $130,000).
Scoville, who works in tech and designs authentication experiences, was stunned by the sophistication of the attack. He points to two critical flaws in Google's security:
- Phishing emails from "@google.com" made it through Gmail's filters.
- Google Authenticator's cloud sync feature, enabled by default, gave the attacker access to 2FA codes.
"Google has become the vault of our digital lives — and that vault had cracks," Scoville writes. "This mistake cost me $130,000 and months of peace of mind. If my story stops even one person from falling for a scam like this, it will be worth sharing."
Previously:
• Phishers make off with W2 tax forms for several thousand Seagate employees
• It turns out that halfway clever phishing attacks really, really work
• Cartel thugs go phishing in Mexico: Fliers circulate with fake email to 'denounce' Monterrey narcos
