Associated Incidents
Cybercriminals are increasingly utilizing AI technology to execute sophisticated scams, particularly targeting Gmail users. With over 2.5 billion accounts, Gmail presents an attractive opportunity for scammers employing a tactic known as a “super realistic AI scam call,” which can deceive even tech-savvy individuals.
Sam Mitrovic, founder of CloudJoy and a security expert, recently shared his experience of falling victim to such a scam. He received an email that appeared to be an approval notification for his Gmail account recovery, followed by a phone call displaying “Google Sydney” on the caller ID.
A week later, he received another recovery notification and a similar phone call from a legitimate phone number listed on Google’s support page. The caller claimed that his account had been accessed from overseas for over a week, and personal data linked to the account had been downloaded. An email confirming this issue, originating from a Google domain, further added to the scam’s credibility.
Mitrovic initially suspected foul play and sought validation online, eventually confirming that he was indeed targeted in a spoofing attempt aimed at taking over his Gmail account. The scam employed a legitimate-sounding AI voice bot, a Google domain email spoofed through Salesforce CRM, and a phone number identical to Google Workspace support, making it easy to trick unsuspecting users into divulging their credentials.
Historically, such scams required human resources to make calls, but the advancement of AI voice models has simplified the process, allowing scammers to initiate thousands of calls simultaneously.
To protect against these threats, users should be aware that Google rarely contacts individuals by phone regarding personal accounts, usually preferring email. If you receive suspicious calls, it’s advisable to verify the number through platforms like Truecaller. Regularly reviewing Gmail activity and enabling two-factor authentication (2FA) methods can also bolster security. Ultimately, vigilance is essential in safeguarding digital identities, as hackers continuously refine their tactics to exploit unsuspecting users.