kwar13 5 days ago

> So when he asked me to read back a code — supposedly to prove I was still alive — in a moment of panic, I did.

I am not clear how the account access occurred. What code did he read? He voluntarily read his own 2FA code from his Authenticator?

bingboingbang 5 days ago | parent [-]

Seems likely to be an SMS code; Google will use a phone for recovery if you claim to have no other access.

This person read an SMS code — one that explicitly says not to give it to anyone — and then they said "I work in tech. I design authentication experiences. I know you’re not supposed to share verification codes! And yet, I got phished."

This person's greatest mistake was answering the phone to a stranger. Who knows what hell can be unleashed on one's emotions nowadays with AI. One cannot expect to be rational in a lion's den.

They are royally fucking up their PSA by throwing Google under the bus rather than telling people to avoid answering their phone to scammers. I suspect this PSA will help approximately no one because of that. Not getting your voice captured (for AI synthesis) is, by itself, a great reason not to answer random calls like this.

vehementi 5 days ago | parent [-]

> Who knows what hell can be unleashed on one's emotions nowadays with AI

This is key. I would "never" fall for a scam like this. But who knows for sure? I would also never cheat on my partner, but can I say with 100% certainty that some insane situation can't possibly ever come up where my many-layered defenses are compromised? Can some sufficiently charismatic individual deliver a perfect AI script to me based on info from 5 other breaches, in my brother's voice, to make me give up a 2FA token in an emergency? Maybe! So just never answer the phone, ever.