Beware of this new scam plaguing Gmail! It combines account recovery emails with scam calls in which a voice AI pretends to be Google Support, and it is formidable.
With its 2.5 billion users, Gmail is a prime target for cybercriminals, who will stop at nothing to get users' personal data. To that end, they are redoubling their ingenuity. Sam Mitrovic, a Microsoft solutions consultant, warns in a blog post about a new scam that is very difficult to detect because it is particularly sophisticated. He almost fell into the trap himself! Scammers are now using artificial intelligence to build advanced phishing campaigns, which makes fraud increasingly difficult to detect, even for the most informed users.
Gmail scam: a voice AI larger than life
It all started with a notification asking him to approve a Gmail account recovery attempt, which of course he had not initiated. Sam Mitrovic refused the request and, approximately 40 minutes later, received a call with the caller ID “Google Sydney”, which he did not answer. The matter could have ended there, but cybercriminals are particularly tenacious.
A week later, he received a new account recovery request followed, again, by a call. This time, he decided to answer it. On the line was a “very polite and professional” voice claiming to be a Google support agent. It was actually a voice AI. It informed him of suspicious activity detected on his Gmail account and told him that some of his personal data may have been stolen. It used specific information and even mentioned the account recovery notification he had received the previous week. The attack was so sophisticated that even the phone number used appeared legitimate when Sam Mitrovic did a quick search to see who he had on the line.
Fortunately, Sam Mitrovic is not a beginner and knows how easily a number can be spoofed. He asked his correspondent to send him an e-mail to confirm their identity. He received one, which seemed authentic. But one detail caught his attention: one of the addresses in the “To” field used a domain name that does not belong to Google but is cleverly disguised. In total, it took him several minutes and extensive analysis to realize the deception. By searching a little on the Internet, he found that many Internet users had been fooled by the same deception.
Gmail scam: increasingly sophisticated processes
As threats evolve, it is crucial to stay informed and vigilant. You should be especially alert for signs of a scam, even when communications appear to come from reputable sources. Also, never respond to an unexpected call claiming to be Google Support. Always verify the authenticity of communications using official Google channels, and never let a sense of urgency pressure you.
If you are ever the target of an online or SMS scam, forward the message immediately to Signal Spam, Pharos, or directly to 33700, the platform specializing in reporting scams. You can also report these fraudulent messages on the site internet-signalement.gouv.fr. Then block the sender’s number so that you are no longer bothered, and delete the message in question.