According to Google's statistics, there are currently over 2.5 billion users of Gmail. This makes it a lucrative target for hackers and online scammers.
Recently, Sam Mitrovic, a Microsoft solutions consultant, issued a warning after he nearly became a victim of a "hyperreal AI scam call," capable of deceiving even the most experienced users.
In his blog post, he stated that he received a notification asking him to approve a Gmail account recovery, a common phishing attack method.
After ignoring this notification, nearly a week later, he received another approval request followed by a 40-minute phone call.
When he answered the phone, he heard a voice with an American accent. The caller identified himself as a Google support employee and said that Mitrovic's Gmail account had been showing suspicious activity.

The caller continued to ask questions that confused the listener, adding that a hacker had accessed Mitrovic's account over the past seven days and downloaded account data. This reminded him of the notification and missed call from a week earlier.
As soon as he answered the phone, Mitrovic Googled the phone number and discovered it led to official Google websites. He asked the caller to send him an email to his account.
Initially, the email seemed legitimate – the sender used a Google domain – but upon checking the recipient section, he found another email address that didn't use a Google domain.
“The caller said ‘hello.’ I ignored it for about 10 seconds, and then it said ‘hello’ again. At this point, I realized it was an AI voice with perfect pronunciation,” Mitrovic’s blog post read.
Without the experience and composure of Mitrovic, an average Gmail user could easily be fooled.
Google announced it has partnered with the Global Anti-Phishing Alliance (GASA) and the DNS Research Federation in a new initiative to combat scammers.
The Global Signals Exchange acts as a platform for sharing information about scams and fraud, providing real-time insights into the cybercrime supply chain.
By leveraging the strengths of each organization, Google hopes the platform will improve the exchange of information, helping to identify and dismantle fraudulent activities more quickly across different sectors, platforms, and services.
The Global Signals Exchange runs on Google Cloud to allow all participating parties to share and utilize information, while benefiting from the platform's AI capabilities to intelligently search for patterns and match signals.
Deepfake AI isn't just used for pornography and politics; it's also being used to hijack people's accounts.
Therefore, the advice is to remain calm when someone claiming to be a Google employee approaches you. Never make a hasty decision, no matter how urgent the caller seems.
It's just a sense of urgency that scammers create to alter your normal judgment, so that you click on links or provide the information they need.
For journalists, activists, or those who manage sensitive accounts, Google's enhanced protection program might be a good option.
Previously, a drawback of the program was the need to purchase two hardware security keys for account login, but this financial burden has been removed since Google announced support for passkeys.
The enhanced security program works as follows: when logging into your Google account for the first time on any device, you will need both your passkey (on your smartphone) and biometric verification. Without your passkey, you cannot log in.
In the event that a malicious actor attempts to use the account recovery method to gain control, the program will perform additional steps to verify identity. This process takes several days, meaning hackers cannot easily commit fraud.
(According to Forbes, Sammitrovic)
Source: https://vietnamnet.vn/hon-2-5-ty-nguoi-dung-gmail-gap-nguy-hiem-2332369.html





