New AI scam targets Gmail users with fake account recovery requests
A sophisticated AI-driven scam is now targeting Gmail users, aiming to steal personal data by tricking individuals into approving fraudulent account recovery requests.
The scam, which has raised concerns among cybersecurity experts, uses professional-sounding AI voices and cleverly spoofed emails to gain unauthorised access to users' Gmail accounts.
Deceptive Tactics Uncovered
Sam Mitrovic, an IT consultant and tech blogger, recently shared his experience of this new scam in a detailed blog post. The scam typically begins when the user receives an unexpected Gmail account recovery request notification, which appears legitimate at first glance.
However, the recovery request is fraudulent, and it may originate from a country the user has no connection to, as Mitrovic found when his request came from the United States.
Declining the recovery request, as Mitrovic did, doesn’t stop the scam. About 40 minutes later, users receive a phone call from a number that appears to be from Google.
The call is highly convincing, with a professional-sounding, polite voice claiming to be from Google and warning the user of suspicious activity on their account. The scammer then heightens the alarm by asking whether the user has logged into their Gmail from a foreign location.
Further complicating matters, the number displayed on the caller ID may appear to be from an official Google office.
The scammer uses this to convince the victim that someone has accessed sensitive information from their account and urges them to approve the recovery request in order to secure their data. Approving it does the opposite: it completes the attacker's account recovery flow, handing them full access to the Gmail account and putting the victim's personal information at serious risk.
How to Stay Safe
Mitrovic stresses the importance of vigilance when dealing with unexpected account recovery requests or suspicious phone calls. He outlines several steps Gmail users can take to protect themselves from falling victim to this clever AI-based scam:
Do Not Approve Unrequested Recovery Requests: If you receive a recovery request that you didn’t initiate, do not approve it. This is a strong sign that your account is being targeted by scammers.
Verify Calls Claiming to be from Google: Google typically does not call consumer users directly, except in cases related to business services. Caller ID can be spoofed, so a number that looks like a Google office proves nothing. If you receive a suspicious call, hang up and verify the phone number independently before engaging further.
Check Emails Carefully: Spoofed emails are designed to look authentic but often contain small giveaways, such as discrepancies in the “To” field or domain name. Be vigilant and inspect email details thoroughly before responding.
Review Security Activity Regularly: Users should regularly check their Google Account for unfamiliar logins. This can be done from the Security page of the Google Account settings, under “Recent security activity” and “Your devices”, looking for any sign-in, device or location you do not recognise.
Inspect Email Headers: For tech-savvy users, reviewing the original email headers (in Gmail, “Show original” on the message) can help confirm whether an email was truly sent from a legitimate Google server or a spoofed one. The lines that matter are the Authentication-Results added by your own mail server, which record whether the message passed SPF and DKIM and which domain actually signed it.
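To make the “To” field and header checks in the last two items concrete, here is an added example, not taken from Mitrovic's post or from Google, that runs those checks over the raw text of a message as copied from Gmail's “Show original” view. It uses only the Python standard library. The allow-list of genuine sender domains, the authserv-id of the receiving mail server, and both sample messages are assumptions constructed for the example, not data from the article.

```python
"""Checks for a suspected spoofed "Google" notification email.

Added example (not from Mitrovic's post or from Google). It parses a raw
RFC 5322 message with the standard library and applies the checks a
practitioner would otherwise make by hand on the "Show original" view:
the From: domain, the SPF/DKIM results stamped by the receiving server,
DKIM signer alignment with From:, and whether To: names your own mailbox.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for the example: domains Google sends account notices from.
EXPECTED_SENDER_DOMAINS = {"accounts.google.com", "google.com"}
# Assumed for the example: the authserv-id Gmail writes into its own
# Authentication-Results header.
RECEIVING_SERVER = "mx.google.com"


def parse_auth_results(value, authserv_id=RECEIVING_SERVER):
    """Return {"spf": (result, extra), "dkim": ..., "dmarc": ...}.

    Only a header stamped by our own receiving server is trusted: a sender
    can add an Authentication-Results header of their own, so a header whose
    authserv-id does not match is ignored entirely.
    """
    value = " ".join((value or "").split())  # unfold continuation lines
    head, _, rest = value.partition(";")
    if head.split()[:1] != [authserv_id]:
        return {}
    results = {}
    for part in rest.split(";"):
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)(.*)", part, re.IGNORECASE)
        if m:
            results[m.group(1).lower()] = (m.group(2).lower(), m.group(3))
    return results


def dkim_signing_domain(auth):
    """Domain (header.d= or header.i=@) that DKIM-signed the message, if any."""
    extra = auth.get("dkim", ("", ""))[1]
    m = re.search(r"header\.[di]=@?([\w.-]+)", extra)
    return m.group(1).lower() if m else None


def domain_of(header_value):
    """Domain part of the first address in a From:/To: style header."""
    addr = parseaddr(header_value or "")[1].lower()
    return addr.rsplit("@", 1)[1] if "@" in addr else ""


def check_email(raw_message, my_address):
    """Return a list of findings; an empty list means every check passed."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    to_address = parseaddr(msg.get("To") or "")[1].lower()
    auth = parse_auth_results(msg.get("Authentication-Results"))
    findings = []
    if from_domain not in EXPECTED_SENDER_DOMAINS:
        findings.append(f"From domain {from_domain!r} is not a known Google sender")
    if auth.get("spf", ("none",))[0] != "pass":
        findings.append("SPF did not pass on the receiving server")
    if auth.get("dkim", ("none",))[0] != "pass":
        findings.append("DKIM did not pass on the receiving server")
    signer = dkim_signing_domain(auth)
    if signer and not (signer == from_domain
                       or from_domain.endswith("." + signer)
                       or signer.endswith("." + from_domain)):
        findings.append(f"DKIM signer {signer!r} does not align with From domain {from_domain!r}")
    if to_address != my_address.lower():
        findings.append(f"To header {to_address!r} is not your own address")
    return findings


# Constructed sample messages (not real mail) for the two cases.
GENUINE_MESSAGE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@accounts.google.com header.s=20230601 header.b=abc123;
       spf=pass (google.com: domain of 3abc@accounts.google.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=3abc@accounts.google.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=accounts.google.com
From: Google <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert

A new sign-in on Windows was detected.
"""

SPOOFED_MESSAGE = """\
Authentication-Results: mx.google.com;
       dkim=none;
       spf=softfail (google.com: domain of transitioning alerts@googlemail-support.example does not designate 203.0.113.7 as permitted sender) smtp.mailfrom=alerts@googlemail-support.example
From: Google Account Recovery <alerts@googlemail-support.example>
To: InternalCaseCheck <casecheck@googlemail-support.example>
Subject: Action required: confirm your account recovery

Approve the pending recovery request to secure your account.
"""

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        print(label, check_email(raw, "victim@example.com") or ["no findings"])
```

Two design points: the authserv-id check exists because a sender can include a forged Authentication-Results header of their own, so only the one written by the server that delivered the message to you counts; and a passing SPF/DKIM result for a look-alike domain is still a spoof, which is why the sender domain is compared against an allow-list rather than trusting the authentication results alone.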
This new scam serves as a reminder for Gmail users to stay alert and cautious when dealing with unusual activity on their accounts. While the use of AI has made these scams more sophisticated, following these protective measures can significantly reduce the risk of falling victim to such attacks.
By double-checking all recovery requests, phone calls, and emails, users can safeguard their personal data from scammers exploiting AI technologies to deceive the unsuspecting.
Source: With inputs from agencies