Today, I received a call from someone claiming to be from Google, informing me that a device in Salt Lake City had attempted to change my password and was currently logged into my account. Interestingly, the caller spoke fluent English with an American accent, which was a bit unusual for these kinds of scams.
The caller seemed to know quite a bit about me, but something still felt off. He then said he would send me a confirmation number via email in case the call dropped—something I could supposedly provide to Google Support.
Here’s the red flag:
I never received the email. Instead, he said he’d send a push notification with a code beginning with G-. What he was actually asking for was my two-factor authentication (2FA) code—the same code that verifies your identity when signing into your Google account. If I had shared that code, he would have had exactly what he needed to:
Change my password
Disable two-factor authentication
Remove my recovery email and phone number
In short: he would have locked me out of my own account.
Nice try, scammers. I’ll give you credit for polishing up your approach with a native-sounding rep, but it’s still a hard no from me.
I asked questions that any legitimate Google representative with real access would be able to answer—like what day and time the password change attempt occurred. When he couldn’t answer, that sealed the deal.
Reminder to everyone:
Google will never call you unsolicited asking for 2FA codes. Always verify through official support channels. Stay safe out there.
