DEV Community

loading...

Google Support and “Legit” Phishing

Sam Stepanyan
OWASP London Chapter Leader. Application Security (#AppSec) Consultant. WAF Specialist
Originally published at Medium on ・1 min read

Has @Google gone mad? Legit support page asks to upload a photo of my Government-Issued ID and a photo of my credit card! To Google Cloud?? to “Verify” the Cloud account?? Cybercriminals will be thanking Google for this #phishing gift!

Here is the link if you want to try this yourself (real Google Support page, not phishing):

Verify payment information to continue

Of course the problem with this approach is that we have been teaching users in security awareness courses for two decades now that a legit website will never use such behaviour do that to “verify” he account, that’s what phishing website do…

Discussion (0)

Forem Open with the Forem app