A sophisticated new artificial intelligence (AI)-powered scam is targeting billions of users on the world’s largest email service.
Microsoft security expert Sam Mitrovic writes in a new blog post about a “super realistic AI scam call” that mimics American-sounding voices to trick Gmail users into giving up their login credentials.
The scam works by sending users a notification originating from the US about a Gmail account recovery attempt, before phoning the victim – in Mitrovic’s particular experience – from an Australian phone number labeled as “Google Sydney.”
After the second attempt, Mitrovic decided to pick up and entertain the scam.
On the other end of the call was an American voice who sounded “very polite and professional” with ambient call center chatter in the background, calling from an official Google phone number in Australia.
Mitrovic even heard typing when he asked the person to send him an email. However, Mitrovic noticed that the voice sounded a bit too “perfect.”
“The caller said Hello, I ignored it then about 10 seconds later, then said Hello again. At this point I released it as an AI voice as the pronunciation and spacing were too perfect.”
Mitrovic also noticed the email he received was from “GoogleMail at InternalCaseTracking.com” – a non-Google domain.
The security expert says if he had stayed on the call long enough, he believes the next step likely would’ve been to approve the account recovery notification before gaining complete control of his email.
The scam is centered on a combination of AI deepfakes and phishing techniques. Anna Collard, a cybersecurity expert from KnowB4 told Forbes,
“The main reason social engineering is so effective is that it keeps evolving. The rise of deepfakes, convincingly real images and videos artificially generated, has further exacerbated the potential for misinformation and manipulation.”
Generated Image: Midjourney