According to Google statistics, Gmail currently has more than 2.5 billion users, which makes it a lucrative target for hackers and online scammers.

Recently, Sam Mitrovic – a Microsoft solution consultant – issued a warning after he almost became a victim of a “hyperrealistic AI scam call” that is capable of fooling even the most experienced users.

In his blog post, he said he received a Gmail account recovery approval notice, a common phishing attack method.

After ignoring this notice, nearly a week later he received another request for approval followed by a phone call 40 minutes later.

When he answered the phone, he heard a caller with an American accent who claimed to be a Google support employee and said there was suspicious activity on his Gmail account.

Hackers use many forms of AI-based fraud to try to hijack Gmail accounts. Photo: Cnet

The caller continued to ask confusing questions, adding that a hacker had accessed Mitrovic's account in the past 7 days and downloaded account data, which reminded him of the notification and missed call from a week ago.

While on the call, Mitrovic Googled the number and found that it led to official Google websites. He asked the caller to send an email to the account.

At first, the email seemed legitimate – the sender used a Google domain – but when he checked the recipient field, he found another email address that didn't use a Google domain.

“The caller said ‘hello’. I ignored it for about 10 seconds, and then it said ‘hello’ again. At this point, I realized it was an AI voice with perfect pronunciation,” Mitrovic blogged.

Without Mitrovic's experience and composure, an ordinary Gmail user could have been fooled.

Google announced that it has joined forces with the Global Anti-Phishing Alliance (GASA) and the DNS Research Federation in a new initiative to fight scammers.

Global Signals acts as a fraud and scam intelligence sharing platform, providing real-time information on the cybercrime supply chain.

Leveraging each organization's strengths, Google hopes the platform will improve intelligence sharing, helping to more quickly identify and disrupt fraudulent activity across different industries, platforms, and services.

The Global Signals Platform runs on Google Cloud to enable all participants to share and use information, while benefiting from the platform's AI capabilities to intelligently search for patterns and match signals.

Deepfake AI isn't just used for porn and political purposes; it's also being used to take over people's accounts.

So, the advice is to stay calm when someone claiming to be from Google approaches you. Never make a hasty decision no matter how urgent the caller seems.

Scammers create that sense of urgency to cloud your normal judgment, so that you click on the link or provide the information they need.

For journalists, activists, or those with important accounts, consider joining Google's advanced protection program.

Previously, the downside of the program was having to purchase two physical security keys to use when logging into an account, but the financial burden has been removed since Google announced support for passkeys.

The mechanism of the advanced protection program is as follows: when logging in to your Google account for the first time on any device, you need a passkey (on a smartphone) and biometrics for verification. If you do not have a passkey, you cannot log in.

If a bad actor tries to take over the account through the account recovery method, the program takes a few more steps to verify your identity. The process takes several days, which means hackers can't easily scam you.

(According to Forbes, Sammitrovic)