A new ‘super-realistic’ AI scam could get your Gmail account hacked
The advent of generative AI has opened up all kinds of opportunities, but it has also ramped up various risks and dangers.
We’ve previously seen hackers who can use AI-generated codes, phishing emails, or even deepfakes to make even more realistic fraud attempts — ones that even security experts can easily fall for.
In a recent Forbes report, Sam Mitrovic — a security consultant for Microsoft — talks about his experience with a new “super-realistic AI scam call” and warns that all Gmail account users could be targeted.
How the new AI scam call works
The scam is similar to standard phishing methods, but it has a much higher chance of success thanks to its use of AI.
First, Mitrovic received a message asking him to restore his Gmail account. In addition to the included confirmation link, Mitrovic also received a call that purported to come directly from Google. At first, he didn’t pick up, assuming that Google wouldn’t make such a call.
But a week later, he got another call — and this time he answered. On the other end was the American-sounding voice of an alleged Google support employee, who informed him that suspicious activity had been detected in his Gmail account. Someone from Germany had apparently logged in within the past seven days and downloaded his account data.
At this point, Mitrovic did what many people do when they’re in this kind of situation: he googled the phone number. To his surprise, it actually led to a Google business page, reinforcing the impression that it was a genuine call from Google itself.
Fortunately, Mitrovic knew better and was able to recognize it for the phishing attempt it was. Although the AI-generated voice on the phone seemed very convincing, he made a quick check and found that everything was fine with his Google account. For the average person, though, it’d be extremely hard to see through the ruse.
Warning signs of a scam attempt
These kinds of hack attempts are a serious threat to everyone, which is why it’s important to understand how these scams work and what sorts of warning signs you need to be able to spot.
Perhaps the most important giveaway of any scam is an elevated sense of urgency, one that tries to get you into panic mode so you’re caught off guard and more likely to make mistakes by acting in haste.
Other big giveaways include getting an unsolicited call from support (most companies will not reach out to you by phone without prior warning) and being prompted to share your password or other sensitive personal information (reputable support services won’t ask for this).
This particular AI scam is mainly targeting Gmail users, which amounts to around 2.5 billion users worldwide. If you use Gmail at all, you should be careful and only respond to the usual notifications about suspicious account activity, which Google doesn’t send by phone but via automated emails. You can also check your Gmail account’s security settings at any time to see whether everything is OK with your account.
Further reading: Simple tips to improve your Gmail security