Gmail users have been warned to look out for a worrying scam that uses AI to trick people out of their money. The highly sophisticated and 'devastating' attacks use AI to create 'highly convincing' voice or video messages.
Reports of the new threat were first made in May last year, with America's FBI law enforcement agency issuing an alert after spotting a rise in artificial intelligence scams. Some were so serious that victims were left without money and had their identity stolen by online crooks.
At the time, FBI Special Agent in Charge Robert Tripp said: "Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data."
Since then, even more people have been targeted. The team at Malwarebytes has now issued new guidance on what to watch out for and how to stay safe.
The Mirror reports that according to these security experts, the new scams start with users receiving phone calls claiming their Gmail accounts have been compromised.
This is followed by a legitimate-looking email that appears to have come directly from Google.
"The goal is to convince the target to provide the criminals with the user's Gmail recovery code, claiming it's needed to restore the account," Malwarebytes explained.
If fooled, the criminals not only have access to the target's Gmail but also to a lot of services, which could even result in identity theft.
One of those targeted has even written a full blog post about his experience. Sam Mitrovic, a Microsoft solutions consultant, said he received a notification to approve a Gmail account recovery attempt. This was then followed by a call, which sounded genuine, saying there had been suspicious activity on his account. Luckily, Mitrovic realised something was wrong and hung up.
"The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale," Mitrovic explained.
"People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it."
Along with these account recovery scams, the FBI has added another warning about unsolicited emails and text messages containing a link to a seemingly legitimate website that asks visitors to log in. The linked websites are fakes specially designed to steal the credentials.
If you receive a call from Google and are then sent a link, be very careful before clicking or handing over any details, as it's likely to be a scam.
Malwarebytes has now issued this advice to help users stay safe.
How to avoid AI Gmail phishing
- Never click on links or download files from unexpected emails or messages.
- Don't enter personal information on a website unless you are certain it is legitimate.
- Use a password manager to autofill credentials only on trusted sites.
- Monitor your accounts for signs of unauthorized access or data leaks.
- Verify security alerts by visiting your Google Account page directly instead of using links in emails.
- Use multi-factor authentication (MFA) for all accounts.
- Protect your devices with up-to-date security software (such as Malwarebytes Premium Security), and use text protection and text message filtering on your mobile device.