I recieved a phone call from my” cell provider.” Answered by generic touch tone machine options. Asked to enter my account pin number then the “rep” immediately picked up and asked me if I have access to my email account. Then asked if I recieved a confirmation pin to verify my identity which is actually a password reset pin. I double checked the email source and it looked right. But I hung up and called the 800 number on the company’s website. They said they don’t see a password reset pin generated and there were no changes in my account. I did a password reset anyways to ensure the safety of my account and the reset pin came in the same email stack as the ones from before. Google would’ve started a different stack if it came from another email address. I called back on the local number and “some lady” picked up. Kinda sounded like a voice changer.
1. is it possible to completely spoof email addresses?
2. If the first pin I received was a fake why would they want it?
3. If the first pin was not fake why didn’t my cell provider know about it?
4. How did the guy on the phone know my name, email, and phone number along with which cell provider I use?