A sophisticated new scam targeting Gmail users has emerged, using artificial intelligence to trick victims into surrendering control of their accounts.
This “super realistic AI scam call” combines fake account recovery notifications, spoofed phone numbers, and convincing AI-generated voices to manipulate users into approving fraudulent account access requests.
The scam typically begins with an unexpected Gmail account recovery notification, supposedly originating from another country, Sam who experienced the incident said.
If ignored, the scammers follow up with a phone call about 40 minutes later. The caller ID may show “Google Sydney” or another official-sounding name, adding credibility to the ruse.
Analyse Any Suspicious Files With ANY.RUN: Intergarte With You Security Team -> Try for Free
AI Scam Call Flaw
“I Googled the phone number, which led me to official Google documentation.The number seems legit although I’m aware just how easy it is to spoof the number”, Sam added.
When answered, an AI-generated voice with a convincing American accent claims to be from Google support.
The “representative” informs the user of suspicious account activity, often mentioning logins from foreign countries. They then assert that someone has accessed the account and downloaded personal data, creating a sense of urgency.
To further legitimize their claims, the scammers send a spoofed email that appears to come from a genuine Google domain. However, closer inspection reveals telltale signs of forgery, such as non-Google email addresses in the “To” field.
The ultimate goal is to persuade the victim to approve the initial account recovery request, granting the scammers full access to the Gmail account.
From there, they can potentially access sensitive information, other linked accounts, or use the compromised email for further scams.
To Protect Yourself:
- Never approve unexpected account recovery requests.
- Be skeptical of unsolicited calls claiming to be from Google support.
- Verify caller IDs and email addresses carefully.
- Regularly check your account’s recent security activity.
- When in doubt, contact Google directly through official channels.
As AI technology advances, these scams are becoming increasingly sophisticated and convincing. Vigilance and a healthy dose of skepticism remain the best defenses against falling victim to such attacks.
If you suspect you’ve been targeted, report the incident to Google and consider changing your account passwords immediately.
How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide(PDF)