New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed

Warning: Sophisticated Gmail Scams Using AI-Driven Attacks

Google has implemented advanced protections against hackers who target Gmail accounts. However, scammers are evolving their tactics to use artificial intelligence (AI) to trick even experienced users into revealing sensitive information.

The Latest Scam: A “Super Realistic” AI Call

Microsoft solutions consultant Sam Mitrovic recently shared a warning about a sophisticated AI-driven scam that almost fooled him. The scam started with a notification to approve a Gmail account recovery attempt, which is a common phishing attack method. However, the scam took a new twist when Mitrovic received a phone call from an American voice claiming to be from Google support.

The Scam’s Strategy

The caller’s goal was to engender trust and fear in the recipient. The person claimed that there was suspicious activity on Mitrovic’s Gmail account and asked him about recent logins. When Mitrovic replied that he hadn’t logged in from Germany, the caller tried to build credibility by stating that an attacker had accessed his account for 7 days and downloaded data.

Mitrovic’s Discovery

During the call, Mitrovic Googled the phone number and discovered that it was linked to Google business pages. Using a number that search results associate with Google is a tactic aimed at fooling users into thinking the call is legitimate.

Another Warning: A “Pretty Elaborate” Scam

Garry Tan, founder of Y Combinator, issued a warning about another phishing scam on X (formerly Twitter). The scam involves a so-called Google support technician claiming that the company has received a death certificate and a family member is trying to recover the account. The caller checks if the person answering is alive by asking about recent travel.

Using AI to Trick Users

Both scams use AI to present themselves as believable. In Tan’s case, the scammer claimed that an attacker had accessed his account and requested password recovery. However, Tan spotted a red flag when he noticed that the device field on the account recovery screen displayed the name of a Google support worker instead of an actual device.

Abusing Google Forms

Scammers have also been using Google Forms to create legitimate-looking documents as part of support scams. They send a copy of the form via genuine Google servers, which adds legitimacy to the scam. The document is often presented in a way that mimics an account recovery password reset form, complete with an SMS notification from a named support agent.

Stay Safe: Tips and Precautions

To avoid falling victim to these scams:

– Be cautious of unsolicited notifications or calls claiming to be from Google.

– Never click “yes” on a dialog box related to account recovery without verifying the authenticity of the request.

– Check the phone number and email address associated with the notification to ensure they match official Google support contacts.

– Use two-factor authentication (2FA) whenever possible.

Remember, staying vigilant is key to protecting yourself against sophisticated AI-driven scams.

Lessons from Google Support Scam Near Misses

Mitrovic, a tech-savvy individual, recently encountered a potential scammer who posed as a Google support representative. However, Mitrovic’s quick thinking and knowledge helped him identify the fake support agent. The supposed support agent asked to send an email confirmation, which arrived shortly after from a seemingly genuine Google domain. On closer inspection, however, Mitrovic noticed that the “to” field contained a cleverly disguised address that wasn’t on a legitimate Google domain.

The giveaway for Mitrovic was when the caller said hello and received no response, only to say hello again. This repetition of the greeting, with perfect pronunciation and spacing, raised red flags and led Mitrovic to suspect an AI voice.

Mitrovic’s original blog post provides more technical details on how he detected the scammer. The threat intelligence gathered from this consultant is invaluable for anyone who might encounter a similar situation: being prepared can help prevent falling victim to such scams.
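The check Mitrovic made by eye on the “to” field can be automated. The following is an added example, not code from the article or from Mitrovic’s post: it lists every address in a message’s headers that is neither on a trusted domain nor the recipient’s own. The trusted-domain list, the sample message and all addresses in it are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the only domain treated as Google-owned here; extend per your policy.
TRUSTED_DOMAINS = {"google.com"}
ADDRESS_HEADERS = ("From", "Reply-To", "To", "Cc", "Return-Path")


def is_trusted(domain: str) -> bool:
    """True only for a trusted domain or a genuine subdomain of one."""
    domain = domain.lower().rstrip(".")
    # Matching on the right-hand side rejects lookalikes such as
    # google.com.attacker.example, which merely start with the trusted name.
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def suspicious_addresses(raw_message: str, own_address: str) -> list[tuple[str, str]]:
    """Return (header, address) pairs that are neither trusted nor the recipient."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ADDRESS_HEADERS:
        for _display_name, addr in getaddresses(msg.get_all(header, [])):
            if not addr or addr.lower() == own_address.lower():
                continue
            _local, at, domain = addr.rpartition("@")
            if not at or not is_trusted(domain):
                findings.append((header, addr))
    return findings


# Constructed sample: the sender looks genuine, but other headers carry
# third-party addresses. A clean From header is not proof of origin; it can be
# forged, so this complements SPF/DKIM/DMARC results rather than replacing them.
SAMPLE = """\
From: Google Support <noreply@google.com>
To: user@example.org, Google Case <google-case@case-tracking.example>
Reply-To: support@google.com.case-tracking.example
Subject: Account recovery confirmation

Your case has been opened.
"""

if __name__ == "__main__":
    for header, addr in suspicious_addresses(SAMPLE, "user@example.org"):
        print(f"{header}: {addr} is not on a trusted domain")
```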

Google Launches Global Signal Exchange to Combat Scammers

Google has joined forces with the Global Anti-Scam Alliance and the DNS Research Federation to form a new initiative, the Global Signal Exchange (GSE). This platform will share intelligence signals related to cybercrime, providing real-time insights into the cybercrime supply chain. Google’s collaboration with these organizations leverages their strengths, enabling faster identification and disruption of fraudulent activities.

Amanda Storey, senior director of trust and safety at Google, stated that GSE aims to improve the exchange of abuse signals, making it easier for qualifying organizations to fight back against scammers. During testing, Google shared over 100,000 malicious URLs and consumed a million scam signals for analysis. The ultimate goal is to create an efficient and user-friendly solution that operates at the scale of the internet.

Staying Safe from Gmail Scams

When approached by someone claiming to be from Google support, remain calm and don’t respond. Use Google search and your Gmail account to verify the authenticity of the call. Check if the phone number is genuine and investigate any unusual activity on your account. Take note of Google’s advice on staying safe from attackers using Gmail phishing scams.

Remember, scammers often rely on creating a sense of urgency to manipulate victims into making impulsive decisions. Don’t rush to react, and consider enrolling in Google’s Advanced Protection Program for added security.

Use Google’s Advanced Protection Program—Now with Passkey Support

The Advanced Protection Program offers robust security features that are especially beneficial for high-risk account holders such as journalists, activists, and politicians. The program requires two hardware security keys to sign into the account, but passkey support has recently been introduced, eliminating the financial burden of buying them.

Enrolling in both the Advanced Protection Program and using a passkey significantly increases security. This combination makes it difficult for hackers to access your Google account, even if they obtain your username and password. Advanced Protection takes extra steps to verify your identity when recovering an account, which can take several days but prevents scammers from quickly accessing your account.

Source: Forbes