Report 4771

Associated Incidents

Incident 9428 Report
Cybercriminals Reportedly Exploited Google’s G.Co Subdomain and Spoofed Caller ID in AI-Driven Phishing Attack on Hack Club Founder

Loading...
AI-driven phishing scams are the new entrant to the hacking era. Here's how you can stay safe
edexlive.com · 2025

Worried about scams carried out by humans that may leave you bankrupt? According to a Forbes article, Zach Latta, Founder of Hack Club, recently fell victim to an Artificial Intelligence (AI)-driven phishing attack.

According to Latta, he had received a call from a number with a Google caller ID and from an American support technician warning that someone had compromised their Google account, which was blocked temporarily by Google.

The support technician had then sent an email to their Gmail account, which Latta had requested to confirm that the technician genuinely belonged to the company. While the technician passed all the checks, in the end, Latta trusted their gut and did not click on the code sent by the technician that could have reset his Gmail, further giving them access to the account.

Latta further told Forbes that the AI technician sounded as real as a human and was "super realistic".

"Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats," Spencer Starkey, a Vice-President at SonicWall told Forbes.

Here are a few methods that may help you avoid such scams in the future\

  • Consumers should remain calm if approached by someone claiming to be from Google support --- such calls are likely fraudulent.\
  • To verify if your account is compromised, use Google Search and your Gmail account's security features. Specifically, check recent activity by scrolling to the bottom of your Gmail page and look for activity updates.

Gmail's Advanced Protection Program and Google Passkeys\

  • The Advanced Protection Program is a key feature for securing high-risk accounts, such as those of journalists, activists, and politicians, but is available to everyone.

How can it be used?\

  • Requires a passkey or hardware security key to sign in.\
  • Even with a stolen username and password, unauthorised access is prevented without the physical passkey and biometric verification.

How does this enhanced security feature work?\

  • When signing up for new apps, Google's Advanced Protection Program restricts third-party access to only Google apps and verified third-party apps, enhancing account security.\
  • The programme may lead to additional warnings or alerts, and optional security features will be automatically activated for better protection.
Read the Source