
Watch Out for This New Gmail AI Scam—Here’s How to Keep Your Account Safe

Learn about the Gmail AI scam that nearly fooled a security expert—and how you can avoid it


As technology has evolved, so have many scams. Those run by amateurs are thankfully usually easy to spot, but that isn’t always the case for scams run by people with a strong knowledge of security loopholes. A recent scam involving email account recovery was so advanced that it even surprised a security expert. Learn more about the Gmail AI scam, how it works and how to ensure you don’t become a victim.

What is the Gmail AI scam? 

This scam was brought to the public’s attention after Microsoft products security expert Sam Mitrovic shared how he was personally targeted, according to CNET. What’s particularly concerning about this attempt is that it involves AI and can trick a lot of people who aren’t aware of how it works.

Plus, it incorporates some of the more common scam techniques: phone calls and emails. But unlike prior phishing attempts, the signs that hackers are trying to get access to your Gmail account are not exactly obvious. It’s a complex scam with a lot of steps, done by bad actors who are eager to get into your account.

Details of the Gmail AI scam  

In Mitrovic’s post, he shares that the scam began with a notification to approve a Gmail account recovery attempt. After denying the request, he received a missed phone call with the caller ID label of “Google Sydney.” The same pattern appeared a week later.

During this second attempt, however, Mitrovic answered the phone and was greeted by a polite and professional American voice. The alleged caller claimed to be from Google and insisted there was in fact suspicious activity on the account.

To get the caller to prove his authenticity, Mitrovic then insisted that an email about the issue be sent. Not only did the caller agree to his request, but the email that arrived appeared to come from a legitimate Google domain.

The subject line of the message read, “[Case Action Advised] Your Google Workspace case #52587531: ‘Verification requested by account owner.’ has been updated and requires your attention.” The sender’s email address? “Workspacesupport@google.com.”

The caller then tried to prompt Mitrovic to engage with him with two “Hello” comments, but he ultimately hung up.

Why the Gmail AI scam is dangerous


As Mitrovic points out in his blog, the multi-layered AI scam cleverly hides some of the elements that make a scam easy to spot. The first? The phone number. When he Googled it, he found the contact information for the Australian number on the official Google website—it was a match.

“The number seems legit although I’m aware just how easy it is to spoof the number,” he recalled of the incident. On the other hand, similar scams from the past year generally involved “808” numbers, according to one Reddit thread.

Next, the caller appeared to be American and courteous. This wasn’t a helpful customer service representative, however. It was AI.

Finally, the sender’s email address appeared to be legitimate. But as Mitrovic points out, that was also spoofed. “They are using Salesforce CRM which allows you to set the sender to whatever you like and send over Gmail/Google servers,” he wrote.

Another red flag? The “To” field of the message contained an address that said googlemail@internalcasetracking.com.

The end goal behind all of these scam attempts? Gaining control of the Gmail account. Mitrovic believes the final step would have been for him to approve the account recovery notification, allowing the hackers to use it for personal and financial gain.

How to avoid becoming a victim of the Gmail AI scam

This sophisticated scam can easily fool you, so if you are a Gmail user you’ll want to be prepared should you become a target. There are many things to keep in mind to protect your information.

If you receive account recovery notifications that you didn’t initiate, you may be targeted with the next steps of the scam. When in doubt, look at the last login sessions for your account. “You can do this by clicking on your Gmail profile photo in the top right corner then Manage your Google Account then click Security on the left hand side menu and look under the Recent security activity subheading,” advises Mitrovic. Since no one else had tried to log into his account, he knew that the claims were not true.

Next, be vigilant about any phone calls you receive that claim to be from a Google representative. Official support calls will be much clearer about who is calling and why, reports Forbes. “At the start of the call, you’ll hear the reason for the call and that the call is from Google. You can expect the call to come from an automated system or, in some cases, a manual operator,” Google informs.

Finally, take a closer look at any emails sent from an account claiming to be Google. The address may seem legitimate but in fact only be made to appear official. Rather than clicking on any links or using phone numbers that appear in the body of the message, it’s best to only reach out to the official channels of Google support if you believe your account does need to be recovered.
