A sophisticated new scam targeting Gmail users has emerged, using artificial intelligence to trick victims into giving up control of their accounts.
This “super realistic AI scam call” combines fake account recovery notifications, spoofed phone numbers, and convincing AI-generated voices to manipulate users into approving fraudulent phone requests. access to the account.
The scam usually starts with an unexpected Gmail account recovery notification, supposedly from another country, said Sam who experienced the incident.
If ignored, the scammers follow up with a phone call about 40 minutes later. The caller ID may display “Google Sydney” or another official-sounding name, adding credibility to the ruse.
Analyse Any Suspicious Files With ANY.RUN: Intergarte With You Security Team -> Try for Free
AI Scam Calls Flaw
“I googled the phone number which led me to the official Google documentation. The number looks legitimate even though I know how easy it is to spoof the number,” Sam added.
When answered, an AI-generated voice with a convincing American accent claims to come from Google Support.
The “representative” notifies the user of any suspicious activity on their account, often mentioning logins from foreign countries. They then claim that someone accessed the account and downloaded personal data, creating a sense of urgency.
To further legitimize their claims, scammers send a usurped themAhe which appears to come from a real Google domain. However, closer inspection reveals telltale signs of forgery, such as non-Google email addresses in the “To” field.
The ultimate goal is to persuade the victim to approve the initial account recovery request, thereby granting the fraudsters full access to the Gmail account.
From there, they can potentially access sensitive information, other linked accounts, or use the compromised email for other scams.
To protect yourself:
- Never approve unexpected account recovery requests.
- Be wary of unsolicited calls claiming to be from Google Support.
- Carefully check caller IDs and email addresses.
- Regularly review recent security activity on your account.
- If in doubt, contact Google directly through official channels.
As AI technology advances, these scams are increasing. sophisticated and convincing. Vigilance and a good dose of skepticism remain the best defenses to avoid falling victim to such attacks.
If you believe you have been targeted, report the incident to Google and consider changing your account passwords immediately.
How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide(PDF)