(C) BoingBoing
This story was originally published by BoingBoing and is unaltered.
"I was scammed out of $130,000" — tech professional victim of Google phishing scam [1]
['Ellsworth Toohey']
Date: 2025-09-16
On June 19th, David Scoville received a call from someone claiming to be Google Support. The caller warned of an attempt to take over Scoville's account, complete with a fake death certificate. What sealed the deal was an email from "[email protected]" that appeared legitimate in Gmail's iOS app.
The scammer convinced Scoville to share a verification code, granting access to his Gmail, Google Drive, and crucially, his Google Authenticator codes. Within 40 minutes, the attacker drained Scoville's Coinbase account of $80,000 in crypto (now worth $130,000).
Scoville, who works in tech and designs authentication experiences, was stunned by the sophistication of the attack. He points to two critical flaws in Google's security:
• Phishing emails from "@google.com" made it through Gmail's filters.
• Google Authenticator's cloud sync feature, enabled by default, gave the attacker access to 2FA codes.
"Google has become the vault of our digital lives — and that vault had cracks," Scoville writes. "This mistake cost me $130,000 and months of peace of mind. If my story stops even one person from falling for a scam like this, it will be worth sharing."
[END]
---
[1] Url:
https://boingboing.net/2025/09/16/i-was-scammed-out-of-130000-tech-professional-victim-of-google-phishing-scam.html
Published and (C) by BoingBoing
Content appears here under this condition or license: Creative Commons BY-NC-SA 3.0.
via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/boingboing/