Hackers are targeting billions of Gmail users with a sophisticated AI scam that can trick even the most tech-savvy individuals. This “super realistic AI scam” involves a combination of spoofed phone numbers, email addresses, and AI voice bots to steal Google credentials.
Microsoft solutions consultant Sam Mitrovic recently encountered this scam firsthand. He received a notification that he needed to approve a Gmail account recovery attempt, which is a common phishing technique designed to lure users into providing their credentials. About 30 minutes later, he received a call from a real Google number, claiming there was suspicious activity on his account. The caller, who sounded like an American, explained that someone had accessed his Google account a week ago and offered to send an email detailing the issue. The email arrived promptly from an official Google address, further convincing Mitrovic.
However, upon closer inspection, Mitrovic realized the voice on the phone was AI-generated. He hung up, realizing that the scam was attempting to trick him into providing an account recovery code or sending him to a fake login portal.
To stay safe from this scam, here are some key indicators to look out for:
1. **Unsolicited Notifications**: Google typically doesn’t send account recovery notifications unless you request one. If you receive such a notification unexpectedly, it could be a scam.
2. **Phone Calls**: Google rarely calls personal users; it usually contacts Business Profile users. If you receive a call claiming to be from Google, it’s likely a scam.
3. **Recent Logins**: Check your recent logins by going to your profile, then “Security,” and then “Recent security activity.” If there’s nothing out of the ordinary, it could be a scam.
4. **Email Headers**: View the full email header by clicking “more” next to the reply button and “show original.” If the “from” address is different from what you expect, it’s a red flag.
5. **Multiple Scam Attempts**: If you receive multiple notifications and calls about the same issue, it’s likely a scam.
6. **Google Support**: Google support will not contact you out of the blue to inform you of a problem. If something seems fishy, it’s best to err on the safe side and end communication until you can verify more information.
Google is fighting back against these AI-powered scams with the Global Signal Exchange (GSE), a partnership with the Global Anti-Scam Alliance and DNS Research Federation. The GSE is a real-time information-sharing platform designed to help identify and combat cybercrime more effectively.
To protect your Gmail account, stay vigilant and follow these best practices:
– **Regularly Check Account Activity**: Review your account activity regularly to detect any unauthorized access.
– **Enable Two-Factor Authentication**: Use methods like OTP, passkeys, or authenticator apps like Microsoft Authenticator to make it harder for hackers to access your accounts.
– **Change Passwords Regularly**: Change your passwords frequently to reduce the risk of password compromise.
By being aware of these indicators and taking proactive steps to secure your account, you can significantly reduce the risk of falling victim to this sophisticated AI scam targeting Gmail users.
Be the first to comment