Users of Gmail have been put on alert with news of a “super realistic AI scam” that seeks to obtain control of their accounts for the perpetrators.
The scam involves a series of calls and emails purporting to be from Google, but actually powered by artificial intelligence on behalf of the hackers.
It’s not the first scam aimed at Gmail and, with an estimated global user base of around 2 billion people, it’s unlikely to be the last. Luckily, there are some steps you can take to protect yourself, starting with getting acquainted with the details of the new scam.
How the Scam Works
The scam is explained on the blog of self-professed security expert Sam Mitrovic, who details in full the steps the hackers took to try to access his account.
It started with a notification to approve a Gmail account recovery attempt. A telephone call followed a little later from an Australian number with a Google caller ID that’s listed on the company’s website as a legitimate Google number.
The ‘person’ calling told Mitrovic that somebody had had access to his account for a week and had downloaded his account data. They followed this up with a ‘Case Action Advised’ email confirming the same from workspacesupport@google.com and cc-ing an email address without a Google domain (googlemail@internalcasetracking.com).
Mitrovic ended the call there, sensing that the call operator was an AI bot and considering the rogue email address a red flag.
Trawling Reddit later, he discovered that the next stage of the scam would be the user being asked to authenticate the security details of their account – the end game for the hacker.
How to Stay Safe Online
Giving the scammer your login details lets them access your account, scrape your private information and potentially lock you out.
Thankfully, as with most phishing scams, there are straightforward measures you can take to ensure that you don’t fall prey to this or any other attempt.
- Understand this scam: Gmail scams may take all sorts of shapes and forms, but it's worth familiarizing yourself with this one as laid out above. Hang up that call if it sounds similar.
- Ignore calls from Google: As Google explains, it will never call you about your Gmail account. In fact, the only time you’re likely to be called by the company is if you have requested support or you’re a Google Business customer.
“Always remember: Google will never call you about your account.” — Google
- Look out for false email accounts: If Google emails you, they’ll only ever do so from an @google.com address.
- Check for unusual activity: If you’re contacted with a warning that unusual activity has been detected on your account, double-check whether this is true. Click on your profile at the top right of the Gmail homepage; select Manage your Google Account; click Security; see if anything shows under “Recent security activity.”
- Be vigilant: Internet cons aren’t going away and, with AI scams becoming more common, are only going to get more sophisticated. Don’t be pressured into giving away your personal details and if anything feels suspicious, then check online whether other people have seen the same scam.
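
The address check from the list above, as an added example (not code from the article or from Google): it parses a message's headers and lists every From, Sender, Reply-To or Cc address outside google.com. The sample message is constructed from the addresses quoted in the article; the trusted-domain set and the function names are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: per the article's advice, only google.com counts as trusted.
TRUSTED_DOMAINS = {"google.com"}

# Constructed sample, modelled on the 'Case Action Advised' email described above.
SAMPLE = """\
From: Google Workspace Support <workspacesupport@google.com>
To: user@example.com
Cc: googlemail@internalcasetracking.com
Subject: Case Action Advised

Constructed body text.
"""

def domain_of(addr):
    """Return the lower-cased domain part of an address."""
    return addr.rpartition("@")[2].strip().lower().rstrip(".")

def is_trusted(domain):
    """Exact match or true subdomain only, so 'notgoogle.com' and
    'google.com.evil.example' are both rejected."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def off_domain_addresses(raw, own_addresses=()):
    """List (header, address) pairs whose domain is not trusted.

    A trusted From domain is not proof of origin: the header on its own is
    not authenticated, which is why Reply-To and Cc are checked as well.
    """
    msg = message_from_string(raw)
    own = {a.lower() for a in own_addresses}
    findings = []
    for header in ("From", "Sender", "Reply-To", "Cc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if not addr or addr.lower() in own:
                continue  # skip empty entries and the recipient's own addresses
            if not is_trusted(domain_of(addr)):
                findings.append((header, addr))
    return findings

if __name__ == "__main__":
    for header, addr in off_domain_addresses(SAMPLE):
        print(f"{header}: {addr} is not on a trusted domain")
```
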