On June 19th, David Scoville received a call from someone claiming to be Google Support. The caller warned of an attempt to take over Scoville's account, complete with a fake death certificate. What sealed the deal was an email from "legal@google.com" that appeared legitimate in Gmail's iOS app.
The scammer convinced Scoville to share a verification code, granting access to his Gmail, Google Drive, and crucially, his Google Authenticator codes. Within 40 minutes, the attacker drained Scoville's Coinbase account of $80,000 in crypto (now worth $130,000).
Scoville, who works in tech and designs authentication experiences, was stunned by the sophistication of the attack. He points to two critical flaws in Google's security:
Phishing emails from "@google.com" made it throu