
New Gmail Security Alert: What the 7-Day AI Hack Means for Billions of Users


Google has installed increasingly complex safeguards against those who would compromise your Gmail account—but hackers employing AI-powered methods are also evolving. Here’s what you should know.

The latest AI-powered Gmail attack is scary good.

Sam Mitrovic, a Microsoft solutions consultant, issued a warning after nearly falling prey to what is characterized as a “super realistic AI scam call” capable of duping even the most experienced users.

It all started a week before Mitrovic recognized how sophisticated the operation against him was. “I received a notification to approve a Gmail account recovery attempt,” Mitrovic writes in a blog post warning other Gmail users about the hazard in question.

A prompt to confirm an account recovery or a password reset is a well-known phishing technique: it directs the user to a phony login site where they must enter their credentials in order to report that the request was not made by them.

Unsurprisingly, Mitrovic did not fall for it. He ignored the message, which appeared to come from the United States, as well as a missed phone call from Google in Sydney, Australia, around 40 minutes later.

So far, so simple and easy to avoid. Then, almost exactly a week later, the real fun began: another notice request for account recovery approval, followed by a phone call 40 minutes later.

This time, Mitrovic did not miss the call and answered it: an American voice, purporting to be from Google support, acknowledged that there was unusual activity on the Gmail account.

“He asks if I’m traveling,” said Mitrovic; “when I said no, he asks if I logged in from Germany, to which I reply no.” All of this is meant to instill trust in the caller and fear in the recipient. This is when the phishing attempt turned extremely dark and smart.

The so-called Google support representative informed Mitrovic that an attacker had accessed his Gmail account over the previous 7 days and had already downloaded account data. This raised red flags, as Mitrovic remembered the recovery notification and missed call from a week prior.

While still on the call, Mitrovic googled the phone number he was being called from and observed that it led to Google business sites.

This alone is an effective trick that is likely to mislead many unsuspecting users caught up in the moment, as it was not a Google support number but rather a Google Assistant call.

“At the beginning of the call, you will hear the purpose for the call and that it is from Google. You can expect the call to come from an automated system or, in some cases, a manual operator,” the 100% real page advises the reader.
