Google has ramped up its security to protect its over 2.5 billion Gmail users, but as security measures improve, so do the strategies of cybercriminals. The latest wave of AI-driven scams is more sophisticated than ever, posing a significant threat even to experienced users. This is the story of one such near-miss incident and Google’s ongoing efforts to combat these scams.
A New Level of Sophistication in AI-Driven Gmail Attacks
Sam Mitrovic, a Microsoft solutions consultant, recently shared his close call with a highly advanced AI scam that could deceive even tech-savvy individuals. Mitrovic first encountered the attack about a week before fully realizing its complexity. In a blog post, he described how the attack unfolded. It began with a seemingly routine notification for a Gmail account recovery attempt. This is a classic phishing tactic, aiming to trick users into entering their login details through a fake portal. Recognizing this as a typical scam, Mitrovic ignored the recovery request.
However, 40 minutes later, he received a missed call from a number claiming to be Google support, based in Sydney, Australia. It wasn’t until a week later that the real attack began. Another recovery request came in, followed by a phone call that Mitrovic answered. On the other end was a person with an American accent claiming to be from Google support, alerting him of suspicious activity on his Gmail account.
The supposed support agent asked if Mitrovic had been traveling, to which he replied no. The agent then inquired if he had logged in from Germany, again receiving a negative response. This tactic was designed to establish trust with the victim. Things escalated quickly when the caller claimed that an attacker had been accessing Mitrovic’s Gmail account for the past seven days and had already downloaded sensitive data.
At this point, Mitrovic began to connect the dots, recalling the previous recovery attempt and missed phone call from a week prior. The level of detail in the scam was remarkable. As Mitrovic spoke to the caller, he searched the phone number online, discovering that it was indeed linked to Google business pages. This clever move likely would have convinced many users of the call’s legitimacy. However, it wasn’t actually a support number—it was a number used for calls related to Google Assistant.
A Close Call
Mitrovic didn’t immediately hang up, but he did request an email confirmation from the alleged support agent. The email arrived soon after, appearing legitimate at first glance, but upon closer inspection, the “to” field revealed a cleverly disguised address that wasn’t actually from Google. Mitrovic’s technical skills and attentiveness saved him from falling victim to the scam.
The final clue came when Mitrovic noticed that the AI-generated voice on the other end sounded too perfect, with evenly spaced words and an unnatural rhythm. He later described this realization, stating, “At this point, I realized it was an AI voice as the pronunciation and spacing were too perfect.”
Mitrovic’s blog goes into much more technical detail about how he spotted the scam and the steps he took to avoid it. His advice is invaluable for anyone who might find themselves in a similar situation. His story serves as a powerful reminder that even highly experienced users can be targeted and that staying informed is crucial in defending against such attacks.
How the Scam Likely Would Have Played Out
Mitrovic’s quick thinking likely saved him from a more severe attack. Had he followed through with the fake support call, he would have been led to a cloned login portal designed to steal his credentials. Once the scammers had his information, they could have bypassed any two-factor authentication through session cookie stealing malware, giving them full access to his account.
Google’s Response: The Global Signal Exchange
In response to this growing threat, Google has taken proactive steps to combat scammers. The tech giant has partnered with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation to launch the Global Signal Exchange (GSE). This initiative aims to serve as an intelligence-sharing platform, providing real-time insights into the cybercrime supply chain.
According to Amanda Storey, Google’s senior director of trust and safety, the collaboration brings together the unique strengths of each partner. GASA’s extensive network of stakeholders and the DNS Research Federation’s data platform, which monitors over 40 million signals, combine to make GSE a powerful tool for detecting and disrupting fraudulent activities across multiple sectors.
Storey explained, “GSE aims to improve the exchange of abuse signals, enabling faster identification and disruption of fraudulent activities across various sectors, platforms, and services.” The ultimate goal of this project is to create a solution that operates on the same massive scale as the internet itself while being efficient and user-friendly. Qualifying organizations will be able to leverage GSE’s capabilities to take action against scammers.
Google has already shared over 100,000 malicious URLs and analyzed millions of scam signals as part of the testing phase for GSE. Nafis Zebarjadi, Google’s account security product manager, commented, “We’ll start by sharing Google Shopping URLs that we have actioned under our scams policies, and as we gain experience from the pilot, we will look to add data soon from other relevant Google product areas.”
The intelligence-sharing platform runs on Google Cloud, allowing participants to access and contribute to a shared pool of intelligence signals. Storey noted that Google Cloud’s AI capabilities help find patterns and match signals more effectively, enhancing the overall fight against scammers.
Staying Safe from Advanced AI Scams
AI-driven scams like the one Mitrovic encountered highlight the dangers posed by modern phishing attacks. These scams are no longer limited to low-effort attempts; they now employ sophisticated tactics designed to trick even the most vigilant users. Deepfake technology, commonly associated with political or pornographic misuse, is also being employed to carry out seemingly straightforward account takeovers.
The key to staying safe is to remain calm and cautious. Google will never call you directly, so any such call should immediately raise suspicion. If you receive a call claiming to be from Google support, it’s best to hang up. Use available tools, such as Google’s search engine and your Gmail account, to verify any suspicious activity. Search for the phone number that contacted you and check your Gmail account activity for signs of unauthorized access.
One of the most important things to remember is never to rush. Scammers rely on creating a sense of urgency to bypass your usual judgment. Taking your time to verify information before clicking a link or providing credentials can prevent a serious breach. Following Google’s advice on staying safe from phishing attacks is crucial.
In summary, AI-driven scams are becoming more advanced, but with knowledge and caution, users can defend themselves against even the most deceptive tactics. Stay informed, stay vigilant, and never let scammers pressure you into making hasty decisions.