New AI scam targets Gmail users with fake account recovery requests | CliqExplainer

A sophisticated new scam is targeting Gmail users, employing artificial intelligence to trick individuals into approving fake account recovery requests and ultimately stealing their personal data. IT consultant and tech blogger Sam Mitrovic recently shared his encounter with this AI-driven scam, highlighting the elaborate tactics scammers are using to deceive unsuspecting users.

The scam begins with an unexpected notification—either through email or a phone message—asking the user to approve a Gmail account recovery request that they did not initiate. Sam Mitrovic recounted that in his case, the recovery request originated from a different country, raising suspicions. If the user declines the request, the scammers take the deception a step further. Approximately 40 minutes after the initial recovery attempt, the user receives a phone call from what appears to be an official Google number.

Sam Mitrovic described the call as extremely convincing. The caller, with a professional and polite tone, claims to represent Google and warns the target of suspicious activity on their Gmail account. The scammer may ask if the user has logged in from a foreign country, creating alarm and making the story seem credible. In some cases, the caller ID even displays what seems to be an official Google number, further enhancing the scam’s authenticity.

Once the user is on edge, the scammer claims that someone has accessed their account and may have downloaded sensitive information. To reinforce their claim, they send an email that looks like an official communication from Google. In reality, the email is a spoof designed to mimic Google’s format. The aim is to convince the victim to approve the account recovery request, which would grant the scammers full access to their Gmail account, including sensitive personal information.

Sam Mitrovic emphasized the importance of staying vigilant to protect against these types of scams. Users are advised to never approve recovery requests they did not initiate, and to be wary of phone calls purporting to be from Google. It is also important to carefully check the sender’s email address and other details, such as the “To” field, to identify possible spoofed emails.

Additionally, Sam Mitrovic recommends that Gmail users regularly review their account security settings and recent login activity to catch any unusual or unauthorized access attempts. Checking email headers can also help tech-savvy users verify whether an email was truly sent from Google servers.

By remaining cautious and verifying unusual requests, Gmail users can protect themselves from this growing AI-powered scam.

The post appeared first on .