It was not legit from legal, I had the same attack on me two weeks ago. They were pretending to be from Google General Counsel responding to an estate request to my Google account being handed to another party who was supposedly the inheritor.
What clued me in was that he said he couldnt share the estate documents with me until I gave him my popup 2FA code.
Were there any further login attempts that they tried to do to access your Google Account? It almost seems like the attack being described in the article is very sophisticated that the attackers aren't just contacting random people but might have certain people in their radar.
You can trigger emails from Google on behalf of other users or use a platform like Google Cloud or Google Sites to trigger emails that come from real Google servers.
