With more than 2.5 billion users, Gmail is an attractive target for attackers. Google uses strict security measures, but attackers keep coming up with new tricks and are now launching AI-powered Gmail scams. Here's more on the recent scare tactics, along with important tips for protecting your Gmail account.
The Latest AI-Driven Gmail Attacks Are Scary Good
The recent case of Microsoft consultant Sam Mitrovic shows how attacks are changing. He got an SMS asking him to approve a recovery attempt for his Gmail account, one of the most common phishing scams. He ignored it, since he is experienced in spotting warning signs such as unsolicited contact. A week later, things got complicated. He got another message and a call from a supposed Google support operator who suspected some illegal activity on his account. The caller, speaking in an American voice, aimed to establish trust by mentioning that Mitrovic had not previously accessed the account from Germany. The attacker had downloaded account data from the past week, escalating the urgency of the situation.
The scam used a Google-like phone number and an imitation of a legitimate Google business page, which raised concerns. Mitrovic detected some inconsistencies, though. Googling the phone number revealed that it had something to do with Google Assistant calls, not support. Further, although the confirmation email looked like it came from Google, it contained an address outside Google's domains. Last but not least, the near-flawless AI voice gave itself away.
Garry Tan, of Y Combinator, received another variant. The message claimed that a family member was attempting to recover his account based on a death certificate. The supposed Google support person requested that he re-add his phone number so they could verify the account. That is precisely when an account recovery dialog would pop up. Luckily, Tan was aware of SIM-swapping scams and never heeded that request.
These incidents show how sophisticated AI-powered phishing attacks have become. For instance, scammers use the following methods to seem genuine:
- Using Google Forms: Scammers abuse Google Forms to create official-looking documents that they send as part of support scams. These forms use actual Google servers to send the email, which adds a layer of legitimacy to the scam.
- Copying Login Pages: Attackers clone the login page to steal users' login credentials. Worse, hackers can use session cookie-stealing malware capable of bypassing two-factor authentication.
Google Fights Back: The Global Signal Exchange
In response to the changing threats, Google partnered with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation to establish the Global Signal Exchange (GSE). GSE is going to be an intelligence-sharing service that offers real-time insights into the current cybercrime landscape. GSE hopes to be the central location for identifying fraudulent activities across all platforms so that they can be disrupted.
By leveraging Google Cloud Platform's AI capabilities, GSE will be able to efficiently analyze vast amounts of data to identify patterns and match signals, ultimately creating a user-friendly solution for combating online scams.
Staying Safe From AI-Powered Gmail Scams
Here are important tips to protect yourself against these AI-powered Gmail scams:
- Stay calm and check: Don't panic, and don't entertain a call from someone claiming to be from Google Support. No one from Google will ever contact you. Check the phone number against search results. Then, check the activity in the Gmail account to see if any unauthorized access has occurred.
- Never hurry on any decision: Scams rely on hurrying you, which blurs your judgment. Take your time and do not be bullied into clicking links or giving login credentials.
- Use Google Search: Ironically, Google Search could turn out to be your best friend in such situations. Use it to verify facts and confirm Google's official recommendations for handling suspicious activity.
- Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a code from your phone or another trusted device in addition to your password.
- Enroll in Google's Advanced Protection Program (APP): This program is ideal for high-risk users like journalists and activists. APP requires a physical security key and restricts non-Google apps from accessing your Gmail data. While enrolling in APP might make it take slightly longer to recover your account if needed, it significantly hinders unauthorized access attempts.
Using these tips and watching for warning signs will cut down your chances of falling for these ever-evolving AI-powered Gmail scams. Remember, knowledge is power. The more you understand these tactics, the better equipped you will be to defend your valuable online accounts.