The new AI scam has left some people with money and identity stolen
Gmail users are being warned about a new scam that’s using advanced tactics to potentially steal personal data and gain full access to their accounts. The sophisticated and ‘devastating’ attacks now involve AI, making it easier to understand why some individuals have been deceived.
The threat was first highlighted in May last year when the FBI in America raised the alarm following an increase in Artificial Intelligence-related scams, which in severe cases led to victims losing both money and their identities to online fraudsters.
At that time, FBI Special Agent in Charge Robert Tripp said: “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”
Since then, the number of people falling prey to these scams has grown. Security specialists at Malwarebytes have recently provided updated advice on what signs to look out for and how to protect oneself.
According to these cybersecurity professionals, the scam often begins with phone calls alleging that the recipient’s Gmail account has been hacked. This is swiftly followed by an email that seems to be sent directly from Google, adding to the illusion of legitimacy, reports the Mirror.
“The goal is to convince the target to provide the criminals with the user’s Gmail recovery code, claiming it’s needed to restore the account,” Malwarebytes elaborated. If tricked, not only would the criminals gain access to the victim’s Gmail account, but also to myriad services that could lead to identity theft.
One of those targeted, Sam Mitrovic, a Microsoft solutions consultant, wrote a blog post detailing his encounter with this scam. Mitrovic explained how he received a notice to authorize a Gmail account recovery attempt, which was quickly followed by what seemed like a credible phone call alerting him to suspicious activity on his account.
Fortunately, Mitrovic sensed something amiss and disconnected the call. “The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale,” he explicated.
“People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it.”
In addition to these crafty account recovery tricks, the FBI has sounded the alarm regarding unsolicited emails and text messages containing links to what appear to be genuine websites requesting login information; however, these sites are expertly crafted fakes intended to pilfer credentials. If you happen to get a Google call and subsequently receive a link, take extreme caution before clicking or sharing any details as it is probably a con.
Malwarebytes urges users to heed the following advice to avoid falling prey to AI Gmail phishing scams. How to bypass AI Gmail phishing schemes.
• Never click on links or download files from unexpected emails or messages. • Don’t enter personal information on a website unless you are certain it is legitimate.
• Use a password manager to autofill credentials only on trusted sites. • Monitor your accounts for signs of unauthorised access or data leaks.
• Verify security alerts by visiting your Google Account page directly instead of using links in emails. • Use multi-factor authentication (MFA) for all accounts• Protect your devices with up-to-date security software (such as Malwarebytes Premium Security), and use text protection and text message filtering on your mobile device.