• Zikeji@programming.dev
    3 days ago

    The thing that’s crazy is that if I followed the 2 “best practices” of verifying the phone number + getting them to send an email to you from a legit domain, I would have been compromised.

    Since when was “verifying the phone number” a best practice? Phone number spoofing is still a thing and trivial to do, which is why the best practice is to call back once you verify the phone number matches whatever the company lists (or, preferably, call their main number).