While Artificial Intelligence (AI) is proliferating primarily for constructive purposes, instances have emerged where it is being employed for malicious activities. One such instance is “spoofing”, intended to take unauthorised control of digital accounts, including Gmail, one of the world’s leading email services. For cybercriminals, Gmail has become an easy target, given its huge user base of over 2.5 billion accounts. A new trick called the “super realistic AI scam call” is being used to deceive users.
In a detailed blog post, Sam Mitrovic, an expert on security products and founder of CloudJoy, described how he was duped recently. Mitrovic received an email resembling an approval notification for his Gmail account recovery. After he rejected the “approval notification”, it was followed by a phone call with “Google Sydney” displayed as the caller ID.
A week later, he received another Gmail recovery notification followed by a phone call. The call appeared to have come from a legitimate phone number listed on Google’s support page. The caller informed Mitrovic that “his account had been accessed from overseas, and that hackers had downloaded his personal data.”
Another email followed, notifying him of the issue in text format. Since the email came from a Google domain, it was easy to be fooled. Mitrovic investigated further and discovered that it was a spoofing attempt to get access to his Gmail account.
Note that all it takes for hackers to take control of your account is a legitimate phone number similar to that of Google Workspace support, a convincing AI voice bot, and an email appearing to have come from the Google domain, which can be faked using Salesforce CRM.
Follow the steps below to secure your Gmail account against being hacked:
– Google generally does not make calls regarding your Gmail account. However, if your account is connected to a Google Business profile, the company will contact you via email first.
– If you receive a suspicious call, cross-verify the number using platforms like Truecaller, and check whether the caller has been flagged as a ‘scam’.
– If you notice any suspicious activity regarding your Gmail account, click on your profile picture, navigate to “Manage your Google account”, and then click on “Data & Privacy” followed by “My Activity” to review your activities.