Interesting. I got an email last week that purported to be from Google about requesting an MFA code to login. It looked legit but I wonder if it was using this same exploit.

Have seen this in the wild, thought it was just google selling peoples data, but well. Sent to the person that received one of those emails.

It was an email from nubank (a digital bank here in brazil), but with the exact same details, no-reply(at)google(dot)com, asking if they wanted a bigger credit card limit. But they didn’t have an account at that bank. Take care people!