Super realistic AI scam call targets Gmail users
A sophisticated AI-powered phishing attack on Gmail users has been accidentally uncovered. The scam could fool even experienced users. We’ll show you how you can protect yourself and what Google is doing about it.
AI phishing: new danger for Gmail users
A sophisticated phishing attempt using artificial intelligence is currently threatening Gmail’s more than 2.5 billion users. The attackers use a combination of fake emails, calls and AI-generated speech to obtain sensitive account data. Even experienced users could fall for this scam, reports Forbes. The attack begins with an innocuous notification confirming an account recovery.
If the user ignores this, a supposed call from Google follows about 40 minutes later. Particularly tricky: the phone number displayed actually matches official Google contact details.
Sam Mitrovic, a solutions consultant at Microsoft, came across this by chance attention to the sophisticated fraud attempt. He reports that the alleged Google employee claimed on the phone that his account had been compromised for a week.
The caller said hello, I ignored it, then about 10 seconds later he said hello again. At this point, I recognized it as an AI voice because the pronunciation and spacing were too perfect, said Sam Mitrovic, solutions consultant at Microsoft
The attackers apparently use state-of-the-art speech synthesis technology to almost perfectly imitate human voices. In combination with social engineering techniques such as feigned urgency, the aim is to persuade victims to reveal their access data.
Google’s fight against fraudsters
To counter such threats, Google recently launched the “Global Signal Exchange”. This threat intelligence sharing platform was created in collaboration with the Global Anti-Scam Alliance and the DNS Research Federation. Amanda Storey, head of trust and security at Google, explains:
GSE aims to improve the exchange of abuse signals and enable faster identification and disruption of fraudulent activity across different sectors, platforms and services. Amanda Storey, Head of Trust and Security at Google
The platform aims to provide real-time insights into fraud and cybercrime patterns.
Protection against phishing attacks
Experts recommend increased vigilance when encountering unexpected contacts, even if they seem trustworthy. Important protective measures are:
- Stay calm and don’t allow yourself to be put under pressure
- Check sender addresses and phone numbers carefully
- If in doubt, contact support directly via official channels
- Never give out sensitive information over the phone or by email
Conclusion
Users should be aware that Google employees will not call unsolicited to request account details. This also applies to other companies; you should never give out data over the phone. If you suspect a fraud attempt, it is advisable to end the conversation immediately and report the incident.
