Criminals don’t stop at Google either. There are currently several scams circulating on Gmail that appear particularly credible thanks to the use of AI.
According to the company, Gmail, the email service from Google, has more than 2.5 billion users worldwide. That's a considerable number, but it could also bring tears of joy to the eyes of criminals.
But although Google invests a lot in security, there are currently very realistic scams circulating, such as Forbes reported.
Gmail AI calling scam
Forbes reports on this “super-realistic AI scam call” uncovered by Microsoft consultant Sam Mitrovic. He has already issued a warning about the AI attack.
It all started with a notification about an attempt to recover a Gmail account. Mitrovic was supposed to confirm this, but he didn't because he suspected a phishing attempt.
Just 40 minutes after that email notification, he received a call purporting to be from Google in Sydney. However, Mitrovic missed this.
He then had rest for a week before the procedure was repeated. Again, Mitrovic received an email with an authorization request for account recovery. And another call followed 40 minutes later, which Mitrovic then picked up.
Phone number leads to Google business pages
A supposed Google support employee answered the phone. He told Mitrovic that there had been suspicious activity on his Gmail account.
Numerous questions followed as to whether Mitrovic was traveling or had tried to log in from Germany. The alleged Google employee then told him that unauthorized persons had tried to access his account for the past seven days. Account details have also already been downloaded.
At that moment Mitrovic became suspicious because he remembered the first attempt to make contact – which was exactly a week ago. Additionally, when Mitrovic did a Google search for the phone number, he actually ended up on the Google business pages.
Another phishing attempt on Gmail
But that's not the only trick that fraudsters are currently using to get Gmail users' data. In a second scam, which Garry Tan writes about at X, a supposed Google support technician also contacts users.
The phishing scam is “quite sophisticated” and also uses AI to appear credible. Google received a death certificate and a family member is trying to restore the account.
In the dialog window that opens, users can click yes or no, but this leads to further fake pages. Tan should also enter his mobile number, among other things, to complete the verification process. “It's a pretty sophisticated trick to trick you into allowing password recovery,” he warns.
Tan's attempted fraud was particularly noticeable because the name of his device was not listed under the device name. The name of a Google support representative was listed here instead.
Also interesting:
Source: https://www.basicthinking.de/blog/2024/10/14/phishing-gmail-ki/
