Social engineering and Phising in 2022 — Google voice text scam and Paypal Bitcoin exchange email scam

Nikhil Prathapani
4 min readSep 18, 2022

I started writing this article in 2021, took a brief pause and resumed it again today. Because I wanted to share details about 2 pretty basic scams from the products that we use daily.

First story is about how I got hacked in 2021. And the remediation steps that I took. Second story is about the preventive measures I took when someone tried to hack me in 2022.

Google voice text scam:

I was eating my lunch and got text from a number based in New York about my posting on OfferUp platform. I was selling some of my furniture before I move to a new place. The profile of the other person on offerup looked legitimate. It was verified via email and phone on offerup platform, also have some reviews from previous purchases. Usually you have a chat functionality within the app about any communication for the items you are selling or buying.

This is where it gets interesting. The seller looked to be interested in furniture , but asked if they could contact me via messages by saying that “most postings on offerup/facebook marketplace are fake, so I want to check if you are for real”. I obliged and shared my number. This was the first mistake from my end. Sharing my number with a complete stranger on internet.

Later the seller asked the specs of the couch, to know whether it will fit in their car or if they needed U-haul. That’s normal. But they also said that they sent me a text message with a Google Voice verification code and asked me for that code. It looks something like this:

I had a hunch on why they would want a code that was sent to my number, but since I was in a hurry to move out from my current place, I sent them the code as I wanted to get rid of furniture. This was my second mistake. Desperation to get things done, and hackers cash in on a time crunch.

After I sent the code, I havent received any response from the other person. This is when I started to tremble and trace back all the steps. I realised that I had made a huge mistake and made myself vulnerable to social engineering. But from this point, panicking wont resolve anything.

Step 1: Contacted my phone service provider about what happened. Told them that my number might be claimed/compromised by a hacker. They said that they do not see anything wrong from their end on my account

Step 2: Followed the steps from the google voice user forum to take back control of my google voice account:

FTC also has a nice article about this:

Paypal bitcoin exchange email scam:

We are now in 2022, and we have a paypal account that we created about a decade ago. Although we all use venmo now, we still have the paypal account.

The scam email looks something like this:

Now that I am a seasoned victim of hacks, this time, I didnt click on any links. Although the sender email looks legitimate. Its surprising how bad actors are able to spoof official PayPal domain with signed TLS certificate so easily.

Instead, I forwarded the email to phishing@paypal.com

And this is the response I have gotten:

Although I am still getting these scam emails, I am ignoring them and reporting them to paypal for further screening.

You can learn more about this scam here:

--

--

Nikhil Prathapani
0 Followers

I read and write about cyber security, software, bug finding, quality assurance, software engineering best practices etc.