Google Confirms Sophisticated AI-Driven Gmail Phishing Scam, FBI Issues Warning
3 Sources
3 Sources
[1]
Do NOT ignore this Gmail phishing scam, FBI warns
Google has confirmed a recent sophisticated phishing attack targeting its Gmail users, emphasizing the need for users to remain vigilant against AI-driven scams. The attack was described as highly targeted and complex, involving fraudulent support calls disguised as legitimate communications from Google. According to The Register, Zach Latta, a tech-savvy engineer and founder of Hack Club, nearly fell victim to the scam. The attackers, masquerading as Google support, alerted him to an unusual login attempt from Frankfurt and instructed him to reset his password. The call originated from a legitimate Google Assistant number, 650-203-0000, and appeared to come from a Google caller ID. Latta reported that the scammer, using the name Chloe, spoke in an American accent and conveyed information that initially seemed credible. Latta remained cautious, asking for a confirmation email from a genuine Google domain. The scammers complied, sending an email from an unspoofed address. Even when Latta inquired about calling the number back, Chloe's calm response inhibited his further action. The scam began to unravel when Chloe's colleague, Solomon, provided conflicting information during their conversation, along with a genuine two-factor authentication (2FA) code that added to the confusion. How AI is making phishing scams unstoppable Latta reflected on the situation, stating, "The thing that's crazy is that if I followed the two 'best practices' of verifying the phone number and getting them to send an email to you from a legit domain, I would have been compromised." He highlighted the challenge of identifying the legitimacy of the call, especially considering the use of g.co, a legitimate Google subdomain that anyone can utilize to create a Workspace account without verification. A Google spokesperson confirmed the company has suspended the account involved in this scam and is taking measures to enhance defenses against similar threats. The spokesperson stated, "We have not seen evidence that this is a wide-scale tactic, but we are hardening our defenses against abusers leveraging g.co references at sign-up to further protect users." Google reiterated that it does not initiate unsolicited contact with individuals regarding account issues. The issue of fraudulent support calls is widespread, affecting not only Google users but also customers of various financial institutions and tech companies. The FBI has issued warnings about such scams, reinforcing that legitimate companies will not make unsolicited contact. Google and other companies are urged to communicate clear warnings on all platforms to prevent users from falling victim to these tactics.
[2]
Gmail warns users to secure accounts after 'malicious' AI hack...
Sophisticated scams fueled by artificial intelligence are threatening the security of billions of Gmail users. security warning issued As AI-powered phone calls mimicking human voices have become incredibly realistic, a new report from Forbes warned that the email service's 2.5 billion users could be targeted by "malicious" actors that are employing AI to dupe customers into handing over credentials. The outlet reported that the cybercriminals deploy phone calls posing as Google support -- complete with a caller ID that looks convincingly legitimate. The technician might say the person's account has been compromised in some way, or that they are attempting an account recovery. The so-called support agent will then send an email to the user's Gmail account from what appears to be a legitimate Google email address to confirm the account was compromised and receive a code to recover the account. For Zach Latta, the founder of the Hack Club, this is where he stopped the elaborate scam. "She sounded like a real engineer, the connection was super clear, and she had an American accent," Latta told Forbes. Despite how real the voice on the other end of the line sounds, however, it is a scheme to trick customers into handing over precious login information to gain access to their accounts. Garry Tan, the founder of venture capital firm Y Combinator, issued a "public service announcement" on X after receiving convincing phishing emails and phone calls. "They claim to be checking that you are alive and that they should disregard a death certificate filed that claims a family member is recovering your account," he wrote. "It's a pretty elaborate ploy to get you to allow password recovery." Simiarly, Sam Mitrovic, a Microsoft solutions consultant, experienced the same phenomenon months ago, according to a blog post written at the time. He recalled receiving a Google account recovery attempt notification, followed less than an hour later by a phone call that looked like it was from the tech company, but he ignored it. A week later, it happened again. This time, he picked up. "It's an American voice, very polite and professional. The number is Australian," he recounted, adding that he verified the phone number on an official Google support page. "He introduces himself and says that there is suspicious activity on my account. He asks if I'm traveling, when I said no, he asks if I logged in from Germany to which I reply no." Then, the agent informs Mitrovic that "someone has had access to my account for a week" and was offering to help him secure it, but, luckily, he noticed that the follow-up email sent by the caller was a spoofed email address and stopped answering. "The caller said 'Hello,' I ignored it then about 10 seconds later, then said 'Hello' again," he described. "At this point I released it as an AI voice as the pronunciation and spacing were too perfect." Upon double-checking his log-in sessions in his Google account settings, he saw that the only log-ins were his own. "Despite many red flags upon closer inspection, this call seemed legitimate enough to trick many people," he warned. "The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale." To protect yourself and your accounts from malicious actors, Forbes advised turning on "Advanced Protection," which, according to a Google spokesperson, "takes extra steps to verify your identity" with the use of passkeys and smart keys to keep your account secure, even if hackers have your credentials.
[3]
Gmail confirms AI hacking, warns its 2.5 billion users
Google users have reported two-factor authentication bypass threats and novel attacks. Google also confirms the vulnerabilities of its AI.Gmail has confirmed an AI hack and has warned its 2.5 billion users. The cybercriminals convince you they belong to Google support, with caller IDs that appear legitimate. They will say your account has been compromised by someone and that they are attempting an account recovery. The 'support agent' will send an email to the user's Gmail account. The sender's email account will appear genuine and a recovery code will be sent to you, Forbes reports. Zach Latta, the founder of Hack Club, sensed at this stage that all this might be an elaborate scam. "She sounded like a real engineer, the connection was super clear, and she had an American accent," Latta told Forbes. As much as the voice on the other side sounds genuine, it's a scam to trick customers to hand over their login credentials to gain access to their accounts. "Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats," a vice-president at SonicWall, Spencer Starkey said. "This requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning." Also Read : DeepSeek's AI model delivers answers on par with ChatGPT -- But there's a catch According to the New York Post, the founder of venture capital firm Y Combinator Garry Tan posted an announcement on X following convincing phishing emails and calls. "They claim to be checking that you are alive and that they should disregard a death certificate filed that claims a family member is recovering your account," he wrote. "It's a pretty elaborate ploy to get you to allow password recovery." Another user, Sam Mitrovic, who is a Microsoft solutions consultant, faced the same situation months ago. He had written a blog post at that time. He had received a notification regarding Google account recovery, followed by a phone call an hour later. He had ignored the call at the time. But this happened the next time and he picked it up. "It's an American voice, very polite and professional. The number is Australian," he recalled, He added that he had also verified the phone number on an official Google support page. "He introduces himself and says that there is suspicious activity on my account. He asks if I'm traveling, when I said no, he asks if I logged in from Germany to which I reply no." Then the agent informed Sam that someone had the access to his account for a week, and he offered to help him secure it. But then he noticed the follow-up email address was a suspicious one and so he stopped answering further. Also Read : Human ear muscle moves when listening hard: Study Forbes has advised to stay calm in such a situation and hang up any call one receives from 'Google support', as they won't call users. It further advises to use resources like Google search or the Gmail account to check the phone or if anyone unfamiliar has an access to your account. Using the web client to scroll to the bottom right will lead you to a link to see all the recent activity on your account. Q1. What is Phishing? A. Phishing is a cyber attack where one is sent fake communications to steal sensible information. Q2. Does Gmail have two-factor authentication? A. Yes, Gmail has a two-factor authentication system to protect you from someone accessing your account.
Share
Copy Link
A sophisticated AI-powered phishing scam targeting Gmail users has been confirmed by Google, prompting warnings from the FBI. The scam involves convincing fake support calls and emails, highlighting the growing threat of AI in cybercrime.
Sophisticated AI-Driven Phishing Scam Targets Gmail Users
Google has confirmed a sophisticated phishing attack targeting its 2.5 billion Gmail users, leveraging artificial intelligence to create highly convincing scams 1. The FBI has issued warnings about these AI-powered scams, emphasizing the need for users to remain vigilant against increasingly realistic cyber threats 2.
Anatomy of the Scam
The phishing attack involves fraudulent support calls disguised as legitimate communications from Google. Cybercriminals use AI to mimic human voices, creating incredibly realistic phone conversations 2. Key elements of the scam include:
- Calls originating from legitimate-looking Google numbers
- Scammers posing as Google support engineers
- Alerts about fake login attempts or account compromises
- Requests for password resets or account recovery
- Follow-up emails from seemingly legitimate Google domains
Zach Latta, founder of Hack Club, nearly fell victim to this scam, reporting that the attacker "sounded like a real engineer" with a clear American accent 13.
AI's Role in Enhancing Scam Sophistication
The integration of AI in these phishing attempts has significantly increased their effectiveness:
- Voice synthesis: AI-generated voices sound remarkably human-like
- Natural language processing: Scammers can engage in complex, context-aware conversations
- Personalization: Attacks can be tailored using publicly available information
- Scale: AI allows for the deployment of these scams on a massive scale
Spencer Starkey, a vice-president at SonicWall, emphasized that "Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls" 3.
Protective Measures and Expert Advice
To combat these sophisticated threats, experts and Google recommend several protective measures:
- Enable Advanced Protection: Google suggests turning on this feature, which adds extra steps to verify user identity 2
- Use passkeys and smart keys: These provide additional security even if hackers obtain login credentials
- Verify account activity: Regularly check recent account activity through the Gmail web client
- Be skeptical of unsolicited calls: Google and other companies do not initiate unsolicited contact regarding account issues 1
- Hang up and verify independently: If receiving a suspicious call, hang up and contact the company through official channels
Industry Response and Future Implications
The emergence of these AI-driven scams has prompted responses from tech leaders and cybersecurity experts. Garry Tan, founder of Y Combinator, issued a public service announcement on social media, warning about the elaborate nature of these phishing attempts 23.
Google has confirmed that it has suspended the account involved in the reported scam and is taking measures to enhance defenses against similar threats. A Google spokesperson stated, "We have not seen evidence that this is a wide-scale tactic, but we are hardening our defenses against abusers leveraging g.co references at sign-up to further protect users" 1.
As AI technology continues to advance, the cybersecurity landscape is likely to face increasingly sophisticated challenges. This incident underscores the need for ongoing education, vigilance, and technological countermeasures to protect users in the evolving digital ecosystem.
NVIDIA Unveils Major GeForce NOW Upgrade with RTX 5080 Performance and Expanded Game Library
NVIDIA announces significant upgrades to its GeForce NOW cloud gaming service, including RTX 5080-class performance, improved streaming quality, and an expanded game library, set to launch in September 2025.
9 Sources
Technology
3 hrs ago
9 Sources
Technology
3 hrs ago
Space: The New Frontier of 21st Century Warfare
As nations compete for dominance in space, the risk of satellite hijacking and space-based weapons escalates, transforming outer space into a potential battlefield with far-reaching consequences for global security and economy.
7 Sources
Technology
19 hrs ago
7 Sources
Technology
19 hrs ago
OpenAI Tweaks GPT-5 to Be 'Warmer and Friendlier' Amid User Backlash
OpenAI updates GPT-5 to make it more approachable following user feedback, sparking debate about AI personality and user preferences.
6 Sources
Technology
11 hrs ago
6 Sources
Technology
11 hrs ago
Russian Disinformation Campaign Exploits AI to Spread Fake News
A pro-Russian propaganda group, Storm-1679, is using AI-generated content and impersonating legitimate news outlets to spread disinformation, raising concerns about the growing threat of AI-powered fake news.
2 Sources
Technology
19 hrs ago
2 Sources
Technology
19 hrs ago
AI in Healthcare: Patients Trust AI Medical Advice Over Doctors, Raising Concerns and Challenges
A study reveals patients' increasing reliance on AI for medical advice, often trusting it over doctors. This trend is reshaping doctor-patient dynamics and raising concerns about AI's limitations in healthcare.
3 Sources
Health
11 hrs ago
3 Sources
Health
11 hrs ago
Your Daily Dose of Curated AI News
Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.
