Red alert for all Gmail users and ignoring new email warning could be ‘devastating’


Billions of Gmail users across the globe should be on high alert and watch out for a sophisticated new scam that could be ‘devastating’ if successful. With most email users now much better at spotting scams and fake emails, cyber crooks are constantly on the lookout for new ideas to attack accounts, and it seems some are turning their attention to Artificial Intelligence (AI).

These nasty – and very convincing – AI attacks began last year, and it’s easy to see how some people have been fooled. The problem is so serious that even America’s FBI law enforcement agency felt the need to issue an alert.

In an online post, FBI Special Agent in Charge Robert Tripp said: “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”

With cyber crooks using increasingly smart methods to steal data and personal details online, the security team at Malwarebytes has also now issued new guidance on what to watch out for and how to stay safe from hackers.

According to Malwarebytes, the new AI scams start with Google users getting a phone call that claims their Gmail account has been compromised. This is then quickly followed up by what appears to be a legitimate-looking email from the US tech firm. Some have even received AI-generated messages that sound just like a real Google employee.

As Malwarebytes explains, “The goal is to convince the target to provide the criminals with the user’s Gmail recovery code, claiming it’s needed to restore the account.”

If the target is tricked, the criminals gain access not only to the target’s Gmail but also to a lot of other services, such as Photos and Documents, which could then result in identity theft.

One of those targeted has even written a full blog post about his experience. Sam Mitrovic, a Microsoft solutions consultant, said he received a notification to approve a Gmail account recovery attempt. This was then followed by a call—which sounded genuine—saying there had been suspicious activity on his account. Luckily, Mitrovic realised something was wrong and hung up.

“The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale,” Mitrovic explained.

“People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it.”

Along with these account recovery scams, the FBI has added another warning about unsolicited emails and text messages that contain a link to a seemingly legitimate website asking visitors to log in. The linked websites are fakes specially designed to steal the credentials.

If you receive a call that claims to be from Google and are then sent a link, be very careful before clicking or handing over any details, as it’s likely to be a scam.

Malwarebytes has now issued this advice to help users stay safe.

How to avoid AI Gmail phishing

• Never click on links or download files from unexpected emails or messages.

• Don’t enter personal information on a website unless you are certain it is legitimate.

• Use a password manager to autofill credentials only on trusted sites.

• Monitor your accounts for signs of unauthorized access or data leaks.

• Verify security alerts by visiting your Google Account page directly instead of using links in emails.

• Use multi-factor authentication (MFA) for all accounts.

• Protect your devices with up-to-date security software (such as Malwarebytes Premium Security), and use text protection and text message filtering on your mobile device.


