It doesn't seem to be a red flag. The caller was calling as an Attorney from Google General Counsel responding to an estate request. They followed up with a spoofed @google.com email with their name corroborating the call.
They're saying that the least likely part of the cover story is that Google would proactively reach out to you in order to help you personally with the service you are (most likely) paying zero dollars for, and assign one of their most expensive employees to the case.
It was not legit from legal, I had the same attack on me two weeks ago. They were pretending to be from Google General Counsel responding to an estate request to my Google account being handed to another party who was supposedly the inheritor.
What clued me in was that he said he couldn't share the estate documents with me until I gave him my popup 2FA code.
Were there any further login attempts that they tried to do to access your Google Account? It almost seems like the attack being described in the article is so sophisticated that the attackers aren't just contacting random people but might have certain people on their radar.
You can trigger emails from Google on behalf of other users or use a platform like Google Cloud or Google Sites to trigger emails that come from real Google servers.
Same exact scam happened to me three weeks ago and I almost fell for it. The guy was very sharp and sounded very authentic.
Ever since then I've been getting hundreds or thousands of Google notifications I've had to decline. Anyone know how people are able to send out hundreds of 2FA Gmail notification popups without Google blocking this?
This means you should still have the email from legal@, right? In that case you can solve the mystery of how they managed to pass DMARC by sharing the headers from it.