Gmail account recovery scam! Know how fake AI 'Google Support' fraud works
Microsoft consultant Sam Mitrovic narrowly avoided an AI-powered phishing scam targeting his Gmail account. The sophisticated attack involved a convincing phone call from a fake Google support agent, highlighting the evolving nature of cybercrime.
Microsoft solutions consultant Sam Mitrovic recently alerted people to the growing danger of AI-driven scams in a post on his personal blog about his close call with one. His ordeal started when he got a recovery request for his Gmail account, a typical phishing tactic that fools victims into entering their login information on phony login sites. Mitrovic disregarded the first prompt, but a week later the attack reappeared using more forceful methods.
After getting another recovery notification, Mitrovic answered a call from a person posing as a Google support agent. Posing as an American with a genuine-sounding accent, the caller asked whether he had accessed his account from Germany. When Mitrovic denied it, the caller informed him that private information had already been taken and that his Gmail account had been hijacked for the previous week.
Google keeps improving the security measures that protect its Gmail platform, and cybercriminals are keeping pace by employing increasingly complex, AI-driven attacks. With more than 2.5 billion active users, Gmail is a popular target for hackers and fraudsters, according to Forbes. A recent incident demonstrates how sophisticated these tactics have become.
The fraud seemed even more plausible when Mitrovic looked up the caller's number and discovered that it was connected to actual Google business pages, albeit in connection with Google Assistant rather than Google support.
The longer they talked, the more suspicious Mitrovic became. The email confirmation he got looked genuine, but on closer examination it came from a brilliantly disguised address that imitated Google's domain. However, the caller's uncannily flawless pronunciation of the word "hello" was the biggest warning sign. The attack was otherwise difficult to identify, but this robotic accuracy exposed the voice as AI-generated.
How to stay safe?
Users need to exercise greater caution than ever before due to the increase in AI-driven phishing attacks. Google emphasizes that consumers will never get phone calls from its support staff for account recovery. If you get such a call, hang up and use the proper Google channels to verify any claims. Additionally, keep your security settings current and periodically check your Gmail account for unusual activity. Staying composed and evaluating any questionable message might be the difference between safeguarding your data and becoming a victim of fraud.