I can't believe he omitted that detail. How did they appear to send an email from a google domain? This is especially puzzling given that he says he works in security.
Which should trigger every automated alarm bell, as well as SPF/DKIM checks. Which is where this falls apart slightly because in my experience, Gmail is pretty alert about flagging basic things like this.
The headers uploaded are the report email being sent to Google, not the original incoming email. We still don't know how this was spoofed.
iLoveOncall|5 months ago
oliwarner|5 months ago
The headers uploaded are the report email being sent to Google, not the original incoming email. We still don't know how this was spoofed.
karakot|5 months ago
https://imgur.com/a/Ki2cciH
minimal efforts, won't pass any scrutinity but someone panicking might miss it.
Thanks OP for the thread, very enlightening.
cpncrunch|5 months ago