Every day, scams are getting more and more sophisticated. As we have mentioned before, scammers are constantly trying to figure out new and innovative ways to trick people into handing over their sensitive information. Compared to even just five years ago, today’s scams are more convincing and operate on a larger scale. Furthermore, with the massive developments in Artificial Intelligence (AI) that have been made in the last few years, scammers have figured out ways to use the technology to support their attacks.
Security researchers recently sent out a warning to Gmail users who may be susceptible to a new AI-based scam that could lead to their account being taken over or stolen. The scam starts with a fraudulent email prompt to approve a Gmail account recovery attempt. This is not a new concept, as many scams start with fake login prompts. However, if the email is ignored, then the scammers will call. In this particular scam, scammers call their victim using an AI-generated voice pretending to be a Google support employee.
They have figured out how to make the Caller ID look legitimate, though it is not verified, and the AI component makes the voice sound legitimately American. During the call, the voice claims that they noticed some suspicious activity on your account, and that someone had accessed it a week ago, and offers to send an email detailing what happened. In order to gain the trust of the victim, the caller asks if they are travelling and if they logged in from another country, and states that whoever did log in from that location had already stolen data from the victim’s account. This narrative makes it sound like the caller is legitimately trying to help. Then, the scammer will inevitably prompt you to give them your account information.
In another version of this scam, the voice says that Google needs to check that you are still alive because a family member has tried submitting a death certificate on your behalf to recover your account. They will then prompt you to respond to an email that they send in order to recover your account. These particular scams are tricky because the AI-generated voice, spoofed phone number, and spoofed email address all appear to be legitimate.
Since the discovery of this scam and other similar AI-based scams, Google has released some tips on how to spot Google-related scams. They stated that users should always be wary of emails from accounts that they are not familiar with, especially if the email is asking them to provide sensitive information. Any password reset or account recovery emails that you did not initiate should always be ignored. In general, many scams can be spotted by bad grammar, misspellings, or unusual fonts within the content of the email, though these clues are being seen less and less since the development of AI chatbots that can correct and generate writing. Any urgent email asking for personal information should always be met with skepticism, even if the sender is familiar. They also advised users never to click links in text messages or emails or to provide sensitive information over the phone. Also, it is important to remember that Google support will never contact you out of the blue like in the above scams.