Gmail Users Placed on Red Alert Amid AI Scams

Gmail Users Placed on Red Alert Amid AI Scams

Gmail users have been placed on red alert and warned about a worrying scam that is using a new tactic to try and steal personal data and gain access to their accounts. The highly sophisticated attacks are switching to AI in a bid to trick email account holders in “devastating” attacks, reports the Mirror.

Users were first warned about the new threat in May last year. America’s FBI law enforcement agency issued an alert after spotting a rise in AI scams that were so serious, some people were having their money and identities stolen by online fraudsters.

At the time, FBI Special Agent in Charge Robert Tripp said: “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.

Since then, more people have been targeted. The team at Malwarebytes has now issued new guidance on what to watch out for and how to stay safe. According to these security experts, the new scams start with users receiving phone calls claiming their Gmail accounts have been compromised.

They may then receive a legitimate-looking email that appears to have come directly from Google. “The goal is to convince the target to provide the criminals with the user’s Gmail recovery code, claiming it’s needed to restore the account,” Malwarebytes explained.

A successful scam could result in criminals gaining access to the target’s Gmail, or a case of stolen-identity. One of those targeted has documented his experience in a blog post.

Sam Mitrovic, a Microsoft solutions consultant, said he received a notification to approve a Gmail account recovery attempt. He then received a genuine-sounding call which said there had been suspicious activity on his account. Luckily, Mitrovic realised something was wrong and hung up.

“The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale,” Mitrovic explained. “People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it.”

How to avoid AI Gmail phishing:

• Never click on links or download files from unexpected emails or messages.

• Don’t enter personal information on a website unless you are certain it is legitimate.

• Use a password manager to autofill credentials only on trusted sites.

• Monitor your accounts for signs of unauthorized access or data leaks.

• Verify security alerts by visiting your Google Account page directly instead of using links in emails.

• Use multi-factor authentication (MFA) for all accounts

• Protect your devices with up-to-date security software (such as Malwarebytes Premium Security), and use text protection and text message filtering on your mobile device.

The FBI has now added another warning about unsolicited emails and text messages which contain a link to a seemingly legitimate website that asks visitors to log in, but the linked websites are fakes designed to steal their credentials. If you receive a call from Google and are then sent a link be very careful before clicking or handing over any details as it’s likely to be a scam. Malwarebytes has now issued this advice to help users stay safe.