Google Confirms Sophisticated AI-Driven Gmail Phishing Scam, FBI Issues Warning

Do NOT ignore this Gmail phishing scam, FBI warns

Google has confirmed a recent sophisticated phishing attack targeting its Gmail users, emphasizing the need for users to remain vigilant against AI-driven scams. The attack was described as highly targeted and complex, involving fraudulent support calls disguised as legitimate communications from Google. According to The Register, Zach Latta, a tech-savvy engineer and founder of Hack Club, nearly fell victim to the scam. The attackers, masquerading as Google support, alerted him to an unusual login attempt from Frankfurt and instructed him to reset his password. The call originated from a legitimate Google Assistant number, 650-203-0000, and appeared to come from a Google caller ID. Latta reported that the scammer, using the name Chloe, spoke in an American accent and conveyed information that initially seemed credible. Latta remained cautious, asking for a confirmation email from a genuine Google domain. The scammers complied, sending an email from an unspoofed address. Even when Latta inquired about calling the number back, Chloe's calm response inhibited his further action. The scam began to unravel when Chloe's colleague, Solomon, provided conflicting information during their conversation, along with a genuine two-factor authentication (2FA) code that added to the confusion. How AI is making phishing scams unstoppable Latta reflected on the situation, stating, "The thing that's crazy is that if I followed the two 'best practices' of verifying the phone number and getting them to send an email to you from a legit domain, I would have been compromised." He highlighted the challenge of identifying the legitimacy of the call, especially considering the use of g.co, a legitimate Google subdomain that anyone can utilize to create a Workspace account without verification. A Google spokesperson confirmed the company has suspended the account involved in this scam and is taking measures to enhance defenses against similar threats. The spokesperson stated, "We have not seen evidence that this is a wide-scale tactic, but we are hardening our defenses against abusers leveraging g.co references at sign-up to further protect users." Google reiterated that it does not initiate unsolicited contact with individuals regarding account issues. The issue of fraudulent support calls is widespread, affecting not only Google users but also customers of various financial institutions and tech companies. The FBI has issued warnings about such scams, reinforcing that legitimate companies will not make unsolicited contact. Google and other companies are urged to communicate clear warnings on all platforms to prevent users from falling victim to these tactics.

Gmail warns users to secure accounts after 'malicious' AI hack...

Sophisticated scams fueled by artificial intelligence are threatening the security of billions of Gmail users. security warning issued As AI-powered phone calls mimicking human voices have become incredibly realistic, a new report from Forbes warned that the email service's 2.5 billion users could be targeted by "malicious" actors that are employing AI to dupe customers into handing over credentials. The outlet reported that the cybercriminals deploy phone calls posing as Google support -- complete with a caller ID that looks convincingly legitimate. The technician might say the person's account has been compromised in some way, or that they are attempting an account recovery. The so-called support agent will then send an email to the user's Gmail account from what appears to be a legitimate Google email address to confirm the account was compromised and receive a code to recover the account. For Zach Latta, the founder of the Hack Club, this is where he stopped the elaborate scam. "She sounded like a real engineer, the connection was super clear, and she had an American accent," Latta told Forbes. Despite how real the voice on the other end of the line sounds, however, it is a scheme to trick customers into handing over precious login information to gain access to their accounts. Garry Tan, the founder of venture capital firm Y Combinator, issued a "public service announcement" on X after receiving convincing phishing emails and phone calls. "They claim to be checking that you are alive and that they should disregard a death certificate filed that claims a family member is recovering your account," he wrote. "It's a pretty elaborate ploy to get you to allow password recovery." Simiarly, Sam Mitrovic, a Microsoft solutions consultant, experienced the same phenomenon months ago, according to a blog post written at the time. He recalled receiving a Google account recovery attempt notification, followed less than an hour later by a phone call that looked like it was from the tech company, but he ignored it. A week later, it happened again. This time, he picked up. "It's an American voice, very polite and professional. The number is Australian," he recounted, adding that he verified the phone number on an official Google support page. "He introduces himself and says that there is suspicious activity on my account. He asks if I'm traveling, when I said no, he asks if I logged in from Germany to which I reply no." Then, the agent informs Mitrovic that "someone has had access to my account for a week" and was offering to help him secure it, but, luckily, he noticed that the follow-up email sent by the caller was a spoofed email address and stopped answering. "The caller said 'Hello,' I ignored it then about 10 seconds later, then said 'Hello' again," he described. "At this point I released it as an AI voice as the pronunciation and spacing were too perfect." Upon double-checking his log-in sessions in his Google account settings, he saw that the only log-ins were his own. "Despite many red flags upon closer inspection, this call seemed legitimate enough to trick many people," he warned. "The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale." To protect yourself and your accounts from malicious actors, Forbes advised turning on "Advanced Protection," which, according to a Google spokesperson, "takes extra steps to verify your identity" with the use of passkeys and smart keys to keep your account secure, even if hackers have your credentials.

Gmail confirms AI hacking, warns its 2.5 billion users

Google users have reported two-factor authentication bypass threats and novel attacks. Google also confirms the vulnerabilities of its AI.Gmail has confirmed an AI hack and has warned its 2.5 billion users. The cybercriminals convince you they belong to Google support, with caller IDs that appear legitimate. They will say your account has been compromised by someone and that they are attempting an account recovery. The 'support agent' will send an email to the user's Gmail account. The sender's email account will appear genuine and a recovery code will be sent to you, Forbes reports. Zach Latta, the founder of Hack Club, sensed at this stage that all this might be an elaborate scam. "She sounded like a real engineer, the connection was super clear, and she had an American accent," Latta told Forbes. As much as the voice on the other side sounds genuine, it's a scam to trick customers to hand over their login credentials to gain access to their accounts. "Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats," a vice-president at SonicWall, Spencer Starkey said. "This requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning." Also Read : DeepSeek's AI model delivers answers on par with ChatGPT -- But there's a catch According to the New York Post, the founder of venture capital firm Y Combinator Garry Tan posted an announcement on X following convincing phishing emails and calls. "They claim to be checking that you are alive and that they should disregard a death certificate filed that claims a family member is recovering your account," he wrote. "It's a pretty elaborate ploy to get you to allow password recovery." Another user, Sam Mitrovic, who is a Microsoft solutions consultant, faced the same situation months ago. He had written a blog post at that time. He had received a notification regarding Google account recovery, followed by a phone call an hour later. He had ignored the call at the time. But this happened the next time and he picked it up. "It's an American voice, very polite and professional. The number is Australian," he recalled, He added that he had also verified the phone number on an official Google support page. "He introduces himself and says that there is suspicious activity on my account. He asks if I'm traveling, when I said no, he asks if I logged in from Germany to which I reply no." Then the agent informed Sam that someone had the access to his account for a week, and he offered to help him secure it. But then he noticed the follow-up email address was a suspicious one and so he stopped answering further. Also Read : Human ear muscle moves when listening hard: Study Forbes has advised to stay calm in such a situation and hang up any call one receives from 'Google support', as they won't call users. It further advises to use resources like Google search or the Gmail account to check the phone or if anyone unfamiliar has an access to your account. Using the web client to scroll to the bottom right will lead you to a link to see all the recent activity on your account. Q1. What is Phishing? A. Phishing is a cyber attack where one is sent fake communications to steal sensible information. Q2. Does Gmail have two-factor authentication? A. Yes, Gmail has a two-factor authentication system to protect you from someone accessing your account.