Description: Scammers used an AI-generated voice to impersonate a Google representative in an attempt to steal Gmail account credentials from security expert Sam Mitrovic. The AI-driven phishing call used a spoofed Google phone number and a fabricated email, making the scam appear legitimate. Mitrovic noted that the caller’s professional demeanor, coupled with AI-generated speech and a Google-related number, could easily deceive unsuspecting users.
Editor Notes: Timeline notes: On October 7th, 2024, Sam Mitrovic, a security expert, is reported to have received an unsolicited Gmail recovery notification and a missed call seemingly from Google. A week later, on October 14th, 2024, Mitrovic is also reported to have received a similar recovery notification, followed by another call, which he answered. Please also refer to Incidents 941 and 942.
推定: Unknown scammers , Google , Gmail と Unknown spoofing technologyが開発し提供したAIシステムで、Sam Mitrovicに影響を与えた
インシデントのステータス
Risk Subdomain
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI
4.3. Fraud, scams, and targeted manipulation
Risk Domain
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.
- Malicious Actors & Misuse
Entity
Which, if any, entity is presented as the main cause of the risk
Human
Timing
The stage in the AI lifecycle at which the risk is presented as occurring
Post-deployment
Intent
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal
Intentional