A sophisticated AI-powered phishing attack on Gmail users has been accidentally uncovered. The scam could fool even experienced users. We’ll show you how you can protect yourself and what Google is doing about it.
A sophisticated phishing attempt using artificial intelligence is currently threatening Gmail’s more than 2.5 billion users. The attackers use a combination of fake emails, calls and AI-generated speech to obtain sensitive account data. Even experienced users could fall for this scam, reports Forbes. The attack begins with an innocuous notification confirming an account recovery.
If the user ignores this, a supposed call from Google follows about 40 minutes later. Particularly tricky: the phone number displayed actually matches official Google contact details.
Sam Mitrovic, a solutions consultant at Microsoft, came across this by chance attention to the sophisticated fraud attempt. He reports that the alleged Google employee claimed on the phone that his account had been compromised for a week.
The caller said hello, I ignored it, then about 10 seconds later he said hello again. At this point, I recognized it as an AI voice because the pronunciation and spacing were too perfect, said Sam Mitrovic, solutions consultant at Microsoft
The attackers apparently use state-of-the-art speech synthesis technology to almost perfectly imitate human voices. In combination with social engineering techniques such as feigned urgency, the aim is to persuade victims to reveal their access data.
To counter such threats, Google recently launched the “Global Signal Exchange”. This threat intelligence sharing platform was created in collaboration with the Global Anti-Scam Alliance and the DNS Research Federation. Amanda Storey, head of trust and security at Google, explains:
GSE aims to improve the exchange of abuse signals and enable faster identification and disruption of fraudulent activity across different sectors, platforms and services. Amanda Storey, Head of Trust and Security at Google
The platform aims to provide real-time insights into fraud and cybercrime patterns.
Experts recommend increased vigilance when encountering unexpected contacts, even if they seem trustworthy. Important protective measures are:
Users should be aware that Google employees will not call unsolicited to request account details. This also applies to other companies; you should never give out data over the phone. If you suspect a fraud attempt, it is advisable to end the conversation immediately and report the incident.
An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…
After the new Google smartphones in the Pixel 11 series, official marketing images of the…
A French consumer protection association is taking Epson to court. The accusation is of planned…
After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…
Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…
Interested users can now install the first public beta version of iOS 27 on their…