A Gmail account recovery email that appears to come from Google may be part of an AI phishing attack. Scammers are now using this new attack to lure Gmail users into giving away sensitive information.
According to a blog post published on 8 September by Microsoft solutions consultant Sam Mitrovic, this new and realistic scam could trick anyone into giving away their information, which is why it deserves attention.
How it works
Mitrovic experienced the scam personally: he received an email notification, coming from the United States, asking him to approve a Gmail account recovery attempt. As a Google expert who was familiar with how such processes work, he denied the request.
However, 40 minutes later, he got a missed call, purportedly from Google Sydney, which he also ignored. A week later, he got another email prompt to approve a Gmail account recovery attempt and, 40 minutes later, another call from “Google”, which he answered this time.
The professional and polite American caller, calling from an Australian number, told Mitrovic that there was suspicious activity on his Gmail account, adding that someone had accessed his account for a week. This claim assumed he had approved the Gmail recovery attempt one week earlier.
Mitrovic warns that Gmail users should triple-check emails or phone calls claiming to come from Google, because phone numbers and emails can be easily spoofed to resemble the real thing.
Ultimately, he found out the call was an AI call controlled by humans, made in an attempt to lure users into giving away their information, and that such calls sound quite genuine. Narrating his experience, Mitrovic said:
“If I stayed on the call long enough, I believe the next step would be to approve the account recovery notification. After that, they would have gained control of the account. Despite many red flags upon closer inspection, this call seemed legitimate enough to trick many people. My guess is that their conversion rate from calls answered would be relatively high.”
How to protect yourself
Scammers are becoming more advanced in their use of AI, making scams more sophisticated and difficult to detect. While there are tools, such as firewalls, that you can use to fight such scams, vigilance is the most important defense.
Always do your due diligence by carrying out basic checks on emails you receive concerning your Gmail accounts before acting on them. If you are still in doubt, talk to someone more experienced whom you trust, so that you don’t fall for the scam.