{"slug": "ask-hn-phishing-from-646-257-4500", "title": "Ask HN: Phishing from 646-257-4500", "summary": "A user reported a phishing call from 646-257-4500 where scammers impersonated Google support and sent a convincing spoofed email with valid DKIM and SPF headers. The email passed Google's authentication checks, raising concerns about how such phishing attempts bypass security filters.", "body_md": "Yesterday, I got a call from 646-257-4500.\n\nAmerican western male voice. Very polite. They actually called me 3 times. The first two, I just hung up.\n\nThey were claiming they received a request from the google support portal for a change of phone number on my account and wanted me to verify my account.\n\nThey sent me an email which looks very much like it came from Google… even in the headers! I don't see anything intrinsically wrong in it.\n\nSubject: Re: You are now on the phone with a verified Google Agent, your Case ID is: XXXXX. Please ask your Agent to confirm this over the phone.\n\n```\n  ARC-Authentication-Results: i=1; mx.google.com;\n       dkim=pass header.i=@google.com header.s=20251104 header.b=XXXX;\n       spf=pass (google.com: domain of XXXX.XXXX.XXX@cases-outbound-prod.bounces.google.com designates 209.85.220.75 as permitted sender) smtp.mailfrom=XXX.XXX.XXX@cases-outbound-prod.bounces.google.com;\n       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com;\n       dara=pass header.i=@gmail.com\n  Received: from mail-sor-f75.google.com (mail-sor-f75.google.com. [209.85.220.75])\n        by mx.google.com with SMTPS id XXXX-XXXX.10.2026.06.11.14.42.06\n        for \n        (Google Transport Security);\n        Thu, 11 Jun 2026 14:42:06 -0700 (PDT)\n```\n\nThey hung up immediately when they realized that I wasn’t going to read them that code.Searches for the number confirm I'm not the only one.\n\nI guess my question is how they could send that email!?\n\nWhy isn't google filtering this out through their system?\n\nComments URL: [https://news.ycombinator.com/item?id=48510035](https://news.ycombinator.com/item?id=48510035)\n\nPoints: 2\n\n# Comments: 0", "url": "https://wpnews.pro/news/ask-hn-phishing-from-646-257-4500", "canonical_source": "https://news.ycombinator.com/item?id=48510035", "published_at": "2026-06-12 22:12:09+00:00", "updated_at": "2026-06-12 22:45:48.738708+00:00", "lang": "en", "topics": ["ai-safety"], "entities": ["Google", "646-257-4500"], "alternates": {"html": "https://wpnews.pro/news/ask-hn-phishing-from-646-257-4500", "markdown": "https://wpnews.pro/news/ask-hn-phishing-from-646-257-4500.md", "text": "https://wpnews.pro/news/ask-hn-phishing-from-646-257-4500.txt", "jsonld": "https://wpnews.pro/news/ask-hn-phishing-from-646-257-4500.jsonld"}}