A new and dangerous AI threat for all Gmail users has been detected in the country
Google has added increased protection against those who would compromise your Gmail account – but hackers using AI-driven attacks are evolving too. Here’s what you need to know.
The latest AI-powered Gmail attack is terrifying
Sam Mitrovic, a Microsoft solutions consultant, has issued a warning after almost falling for what is described as a “true AI scam” capable of tricking even experienced users.
It started a week before Mitrovic realized the complexity of the attack that targeted him. “I received a notification accepting a Gmail account recovery attempt,” Mitrovic recounted in a blog post warning other Gmail users about the threat in question. A request to confirm an account recovery, or a password recovery, is a notorious form of phishing attack designed to lead the user to a fake portal where they enter their credentials in order to report that the request was not one they started.
So, unsurprisingly, Mitrovic didn’t fall for this and ignored both the notification, which appeared to come from the US, and the missed phone call from Google in Sydney, Australia, about 40 minutes later. So far, it’s pretty straightforward and easy to avoid. Then, about a week later, the fun began in earnest – another notification requesting permission to recover the account, followed by a call 40 minutes later. This time, Mitrovic did not miss the call and instead picked up: an American voice, claiming to be from Google support, confirmed that there was suspicious activity on the Gmail account.
“He asks me if I’m leaving,” Mitrovic said, “when I say no, he asks me if I’m in Germany, and I tell him no.” All this is to instill trust in the caller and fear in the receiver. That’s when things quickly turned dark, and very clever by the usual standards of phishing. The alleged Google agent informed Mitrovic that an attacker had accessed his Gmail account 7 days ago, and had already copied the account’s data. At this, Mitrovic recalled the recovery notification and the missed call of the previous week.
When he checked the phone number he was being called from while still on the call, Mitrovic found that it actually led to Google business pages. This is a clever trick that could fool many unsuspecting users caught up in the panic of the moment, as the page was not for a Google support number but was about receiving calls from Google Assistant. “At the start of the call, you’ll hear the reason for the call and that the call is from Google. You can expect the call to come from an automated system or, in some cases, a manual operator,” the 100% genuine page tells the reader.
Lessons To Learn From This Gmail Hack Near Miss
Mitrovic did the right thing, or at least the next best thing to hanging up, and asked the alleged support agent to send an email. It arrived soon after, from a Google domain and looking genuine to all intents and purposes. At this point he noticed that one of the email’s fields held a cleverly disguised address that wasn’t really a Google domain but could fool the non-technical.
However, the real giveaway for Mitrovic came when the caller said hello and, after getting no answer, said hello again. “At this point I realized it as an AI voice as the pronunciation and location were very accurate,” Mitrovic said.
It’s worth reading the original blog post from Mitrovic, as it contains a lot of technical detail and detective work that I don’t have space to cover in this report. Knowledge is everything, and the threat intelligence provided by this consultant is invaluable as an early warning to anyone who may find themselves in a similar situation.
It is almost certain that the attacker would have progressed to the so-called recovery process. In fact, this would be a website that captures the user’s data, possibly combined with some type of cookie-stealing malware to get around two-factor authentication if that was in place.
AI deepfakes are not only used for porn and politics; they are also used in seemingly straightforward attacks on accounts, as in this case. Stay calm if you are approached by someone claiming to be from Google support: they will not call you, so the call itself is an immediate red flag, and no harm will come to you if you hang up. Use the tools you have, surprisingly enough Google search and your Gmail account, to run checks during the call if you are concerned that it could be real and that ignoring it could cause harm. Look up the phone number and see where it actually came from. Check your Gmail activity to see which devices, if any, other than your own have used the account. Pay attention to what Google has to say about staying safe from attackers who use Gmail phishing scams. Most importantly, never allow yourself to be rushed into a knee-jerk reaction, no matter how urgent the conversation. It’s that sense of urgency that attackers rely on to sway your normal judgment and get you to click a link or give up information.