Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Beware of the New Gmail Scams That Are Fooling Security Pros

by Suzanne Kantra on October 14, 2024

Scammers are stepping up their game with increasingly sophisticated Gmail scams powered by AI, and they're so convincing that even security experts have been in danger of falling victim. These scams are aimed at resetting your Gmail password and taking control of your account. Once scammers have control, they could use your email to get into other accounts, such as your bank and investment accounts, or steal your identity.

Here's how these scams work, how they differ from traditional phishing attempts, and, most importantly, how you can protect yourself.

Robot working at a computer concept

How the scam works: AI meets social engineering

At the heart of this Gmail takeover scam is a combination of traditional social engineering and advanced AI. It typically begins with a fake Gmail two-factor authentication (2FA) account recovery notification sent to the target's inbox. If you confirm the 2FA, you've given the scammer the ability to take over your account. However, if you ignore it (and here's where things get interesting), you receive a follow up 2FA email and then a phone call supposedly from Google. The scammer, using an AI-generated voice that sounds eerily professional and human, claims there’s suspicious activity on the account and to confirm the 2FA. They create a sense of urgency, perhaps saying someone has accessed the account from a foreign country and stolen sensitive data, in order to have you click. And if you do, and the trap is sprung.

This is not a theoretical threat; it’s actively happening and is sophisticated enough to almost trick security experts. Sam Mitrovic, an IT professional and tech blogger, shared his near-miss in his post “Gmail Account Takeover: Super Realistic AI Scam Call.”

Mitrovic explained that what made the scam so convincing was the follow-up email, sent a week later, appeared legitimate – complete with Google branding. However, subtle details that most people would not notice, such as a spoofed "From" field, revealed that it was a fake.

Why these scams are different

Compared to traditional phishing emails, which often contain grammar errors, broken links, or mismatched logos, these new AI-powered attacks are polished and sophisticated. The AI-generated voices make the phone calls sound human, not like the typical robotic scammer voice. This approach adds another layer of authenticity, making the scam more difficult to detect and much more dangerous.

Another key difference is the real-time interaction. Phishing emails usually don’t involve live conversations, but these scammers use AI to engage the victim directly through phone calls. They patiently build trust by mimicking Google’s procedures, such as asking about your travel history or recent login attempts. This slow, calculated manipulation can easily bypass our usual suspicion of phishing attempts.

How to spot the warning signs

While these scams are hard to detect, there are a few red flags that can help you avoid falling victim:

Unexpected recovery notifications

Always be suspicious of recovery alerts you didn’t request.

Calls from ‘Google’

Google rarely calls individual users unless you have a business account. If you receive a phone call claiming to be from Google, it’s a good idea to hang up and verify through official Google support channels. Keep in mind that phone numbers are easily spoofed, too.

Emails from 'Google'

Pay attention to the details in emails you receive. Spoofed emails often have subtle signs, such as domain names that aren't exact matches for those you're familiar with or a suspicious sender field.

Read more: How to Tell if an Email Has Been Spoofed

Sense of urgency

Scammers often pressure you to act quickly to prevent you from thinking things through. If a caller is insisting that you act immediately, step back and assess the situation critically.

The future of phishing detection: phishing intelligence sharing

One promising development in the fight against phishing attacks is phishing intelligence sharing. This involves a network of tech organizations, cybersecurity firms, and government agencies collaborating in real-time to share information about new and emerging threats. Initiatives like CISA’s Automated Indicator Sharing (AIS) enable security teams to exchange data rapidly, making it easier to detect phishing patterns across platforms.

Google and other tech companies are already participating in such efforts, and this collaborative approach is key in spotting and flagging fake emails before they even reach you. But don't let down your guard, knowing the red flags remains a crucial part of staying safe.

[Image credit: concept rendering of a robot working at a computer generated by DALL-E]

For the past 20+ years, Techlicious founder Suzanne Kantra has been exploring and writing about the world’s most exciting and important science and technology issues. Prior to Techlicious, Suzanne was the Technology Editor for Martha Stewart Living Omnimedia and the Senior Technology Editor for Popular Science. Suzanne has been featured on CNN, CBS, and NBC.


Topics

News, Computers and Software, Internet & Networking, Computer Safety & Support, Blog, Privacy


Discussion loading

gravatar

From Haloo - try me ai scammer on October 15, 2024 :: 4:45 pm


I had an episode too - I simply asked the ai voice scammer = I just swore at it … Brooklyn like - f…ck face what’s the secret pin word a…h… !  So what is it s…t f…

It was aghast! Couldn’t compute. Duh 🙄

Amazingly ai just hang up. !

Reply

gravatar

From Doug Kelley on October 16, 2024 :: 4:16 pm


Simply: never respond to a 2FA request unless it’s one you initiated.

How would you get an “account recovery” in the email account that’s supposed to be recovered?!?

Stay safe out there!

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.