Gmail Phishing Scam Fools Experts

Cyber criminals continue to eagerly exploit new AI capabilities to try robbing you of your data.  Their sophistication is ever increasing: the latest major news is a highly convincing Gmail AI scam that nearly fools even security experts.  Phone numbers and emails that look authentic and seem to legitimately come from Google, as well as a professional, realistic AI voice, make it seem like a company representative is actually contacting you regarding an urgent problem with your account.

When even the experts almost fall for it, how much more at risk is the average user?  In a blog post recounting his experience, analyst Sam Mitrovic highlights several red flags.  For one thing, Google doesn’t call Gmail users without a connected Google Business Profile.  Also indicative were account recovery notifications not initiated by the user, and the fact that no other Google sessions were active besides Mitrovic’s.

Despite these warnings, which ultimately clued him in to the scam, Mitrovic guesses that the bad actors’ conversion rate on answered calls is high, so cleverly deceptive is the ruse.

As Forbes points out, a good method for everyday users to stay safe from hacks that can fool even those in the business is to remain calm and not give in to the supposed urgency of the situation.  Again, Google in the vast majority of cases will not be calling you, so that right there should put you on the alert.  Personally, I don’t even answer my phone if I don’t recognize the number.  Let them leave a voicemail if it’s so important, and I’ll judge it afterwards.

If that doesn’t convince you, other tools can help keep you safe from sophisticated phishing: using Google’s search engine, searching for the incoming phone number, and checking your Gmail account.  Freaking out and clicking a link or sharing your credentials with a friendly AI voice will only lead to real trouble.

It is nevertheless important to remain aware of what’s happening in the world of data security, as even a passing knowledge can help individuals smartly avoid falling into traps.  For instance, this year, 84.7% of organizations in a CyberEdge Group report were successfully hit by a cyberattack.  This is down from 86.2% two years ago, but it’s still, you know, a pretty high percentage.  The numbers do fluctuate from year to year, but they are unlikely to dip much lower than this stratospheric range.  Cyber criminals are too good at what they do.  The best supplement to organizations encrypting your sensitive data is to be mindful yourself, and employ a healthy skepticism.

 

By: Jonathan Weicher, post on October 23, 2024
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security