Newszop

How Cybercriminals Are Targeting Gmail Users & What You Can Do

With the rise of artificial intelligence (AI), its applications are not limited to positive uses—cybercriminals are now using AI for deceptive purposes, including a growing threat known as 'spoofing'. Spoofing involves impersonating legitimate entities to gain unauthorised access to digital accounts, with Gmail being a prime target due to its massive user base of over 2.5 billion. A new technique, the super realistic AI scam call, has become a powerful weapon for fraudsters looking to exploit unsuspecting users.

How AI Spoofing Targets Gmail Users
Recently, cyber experts have observed an increase in AI-powered scam calls aimed at Gmail users. Sam Mitrovic, the founder of CloudJoy, shared a real-life case in which he was deceived by a well-coordinated spoofing attack. Mitrovic received an email that mimicked an account recovery notification from Gmail. When he rejected the email, he soon received a call from a phone number claiming to be from 'Google Sydney', using a convincingly fake caller ID.

A week later, Mitrovic received another Gmail recovery notice, followed by a call from what appeared to be a legitimate Google support number. The caller informed him that his Gmail account had been accessed by overseas hackers who had downloaded his personal data. The convincing nature of the calls, combined with the realistic-looking email from the Google domain, made the attack difficult to detect at first.


The Tools Behind the Spoofing Attack

The success of this AI-powered scam hinged on a few key elements:


  • Legitimate-looking Phone Numbers: Hackers utilised phone numbers similar to those listed on Google’s official support page, making the calls seem trustworthy.
  • AI Voice Bots: A convincing AI voice bot was used to impersonate Google support staff, further solidifying the illusion.
  • Emails from Google-like Domains: Emails appeared to come from Google's domain, although they were cleverly spoofed using platforms like Salesforce CRM, adding to the believability of the scam.
This combination of realistic emails, phone calls, and AI-driven interactions created a highly convincing scam that even experienced tech professionals like Mitrovic found hard to recognise.

How to Protect Your Gmail Account from AI Spoofing Attacks

As AI-powered spoofing becomes more sophisticated, it’s crucial for Gmail users to stay vigilant and adopt security measures to protect their accounts. Here are a few key steps you can take:

  • Cross-Verify Calls
    Google rarely makes unsolicited calls about Gmail accounts. However, if you’re connected to a Google Business profile, you may receive emails first. If you ever receive a suspicious call claiming to be from Google, always cross-check the number using apps like Truecaller to verify its legitimacy. If flagged as a scam, do not engage with the caller.
  • Monitor Account Activity
    If you notice any suspicious activity on your Gmail account, immediately review your recent account usage. Click on your profile picture, go to “Manage Your Google Account”, then select “Data & Privacy” followed by “My Activity”. This allows you to see if there have been any unauthorised logins or actions taken on your account.
  • Don’t Trust Recovery Emails Blindly
    Hackers can easily fake Gmail recovery notifications. Before acting on any recovery email, verify its legitimacy through other channels, such as logging directly into your account and reviewing account security alerts from the official Google interface.
  • Enable Two-Factor Authentication (2FA)
    Enabling 2FA adds an extra layer of security to your Gmail account. Even if a hacker obtains your password, they would need access to your second form of authentication (such as a mobile device or security key) to gain entry. This makes it much more difficult for cybercriminals to hijack your account.
  • Avoid Sharing Sensitive Information Over the Phone
    Legitimate Google representatives will never ask for sensitive account details over the phone. If someone contacts you requesting such information, it’s likely a scam. Always report these incidents to Google immediately.
  • Stay Informed
    Regularly read security updates and tips from trusted sources on emerging cyber threats. Staying informed will help you recognise potential risks early on.
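
For readers who can view a message's raw headers, one way to apply the "Don't Trust Recovery Emails Blindly" step is to check whether the visible From domain is backed by the envelope sender, the DKIM signing domain and the DMARC verdict. This is an added example, not part of the original article; both sample messages and the `example-crm.test` and `mx.example.net` names are constructed.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: the visible From shows google.com, but the envelope sender
# and the DKIM signature belong to a third-party platform (hypothetical domain).
SPOOFED = """\
Return-Path: <bounce@mailer.example-crm.test>
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=mailer.example-crm.test;
 dkim=pass header.d=example-crm.test;
 dmarc=fail header.from=google.com
From: Google Accounts <no-reply@google.com>
Subject: Account recovery request

Approve the recovery attempt?
"""
# Constructed sample in which every identity aligns with the From domain.
ALIGNED = """\
Return-Path: <no-reply@accounts.google.com>
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=accounts.google.com;
 dkim=pass header.d=accounts.google.com;
 dmarc=pass header.from=google.com
From: Google Accounts <no-reply@google.com>
Subject: Account recovery request

Approve the recovery attempt?
"""

def org_domain(host):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2]

def check_alignment(raw):
    """Return a list of reasons the visible From domain is not backed by the headers."""
    msg = email.message_from_string(raw)
    want = org_domain(addr_domain(msg["From"]))
    # Only trust an Authentication-Results header stamped by your own mail server.
    auth = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    if verdicts.get("dmarc") != "pass":
        findings.append("DMARC did not pass for the From domain")
    if org_domain(addr_domain(msg["Return-Path"])) != want:
        findings.append("Return-Path domain differs from the From domain")
    if want not in {org_domain(d) for d in re.findall(r"header\.d=([\w.-]+)", auth)}:
        findings.append("no DKIM signature from the From domain")
    return findings
```

An empty result means only that the headers are consistent with the From domain; confirming the alert inside the official Google interface remains the deciding check.
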
As AI technology continues to advance, so do the methods used by cybercriminals to deceive and exploit users. Gmail users, in particular, must remain cautious and proactive when it comes to account security. Always be sceptical of unsolicited recovery emails, suspicious calls, and any communication that seems too urgent or threatening. By following best practices and remaining vigilant, you can significantly reduce your risk of falling victim to AI-powered scams.