This is tame and not scary compared to the kinds of real live human social engineering scams I’ve seen especially targeting senior leaders. With those scams there’s a budget for real human scammers.
This thing was a very obvious scam almost immediately. What real customer provides a screenshot with Google sites, captcha, and then asking you to run a terminal program?
Most non-technical users wouldn’t even fall for this because they’d be immediately be scared away with the command line aspect of it.
Not from a cold email to a support line. Remember that this isn’t a personal email where people can be contacting you for all kinds of reasons.
The amount of legitimate reasons to ever open a link in a support email is basically zero.
When you have a company policy enforced by training and/or technology there is no thought involved, you just respond with “sorry, we can’t open external links. Please attach your screenshot to [ticketing system].”
Your ticketing/email system can literally remove all links automatically right?
This thing was a very obvious scam almost immediately. What real customer provides a screenshot with Google sites, captcha, and then asking you to run a terminal program?
Most non-technical users wouldn’t even fall for this because they’d be immediately be scared away with the command line aspect of it.