| ▲ | GioM 4 days ago | |||||||
Ah, I think I get it. Article says: > In the Gmail app on iOS, it looked completely legitimate — the branding, the case number, everything. Even the drop-down still showed “@google.com.” > So when he asked me to read back a code — supposedly to prove I was still alive — in a moment of panic, I did. The sentences do not refer to the same thing. The code was not in the email... The narrator was asked to read back "a code" not the case ID in the email. "A code" here referes to a 2fa push notification code. The email was used to rattle the narrator / build trust to get them to comply. | ||||||||
| ▲ | vehementi 4 days ago | parent [-] | |||||||
Yes, that is how I read it as well. Email was just for fun, and the code came by a different channel (of course). The email the scammer sent wouldn't contain a code they can use to take over his account (of course). | ||||||||
| ||||||||