Associated Incidents
An AI-powered cyber-attack is targetting Gmail’s 2.5 billion account holders. The hackers reportedly reach out to Gmail users with a realistic AI scam call that claims to be from Google Support to trick them.
Sam Mitrovic, a Microsoft solutions consultant, reported the scam in a blog posted recently describing what exactly happened. Mitrovic first received a notification asking him to approve a Gmail account recovery attempt which is a usual phishing method to obtain user login credentials. After ignoring the alert, Mitrovic received another notification that he had missed a call from Google Sydney which he ignored too.
A week later, the same steps repeated with Mitrovic after which he picked up the phone call in which he was informed about suspicious activity in his Gmail account. The person claiming to be from Google Support said the attacker had downloaded Mitrovic’s account data.
The number from which he had received the call also appeared to be from a Google business page.
Eventually, Mitrovic realised the voice on the phone call was AI-generated as it was too perfect and kept repeating “Hello” after every 10 seconds.
The scam would have ideally moved towards capturing user credentials and used a type of session cookie malware that could bypass the two-factor authentication if implemented.