By Pavethran Batmanathen

AI certainly has its benefits, with many large corporations developing AI models aimed at improving society. However, there are always individuals who exploit such technology for malicious purposes. One alarming example is the use of AI for “spoofing” to gain control of digital accounts, including Gmail, the world’s leading email service provider.

With over 2.5 billion accounts, Gmail has become a prime target for cybercriminals. These bad actors are now employing a highly deceptive tactic known as “super realistic AI scam calls,” which can fool even the most tech-savvy users.

Sam Mitrovic, founder of CloudJoy and a security expert, recently shared a personal experience through a detailed blog post, explaining how he fell victim to this new form of fraud. It all started when he received an email that appeared to be an approval notification for his Gmail account recovery. However, after the recovery request was denied, he was contacted by a phone number that appeared as “Google Sydney” on his caller ID.

A week later, Mitrovic received yet another Gmail recovery notification, followed by another phone call. Just like the first, the call came from a legitimate Google support number listed on their official website mentioning the account had been accessed from overseas and personal data associated with the account had been downloaded.

The scam involved several convincing elements: a legitimate-looking phone number identical to Google Workspace support, an email with a seemingly genuine Google domain (spoofed through tools like Salesforce CRM, which allows the use of custom domain names), and a convincing AI-powered voice bot. These layers of deception could easily lead most users to believe they were interacting with official Google representatives, potentially prompting them to reveal their Gmail credentials to cybercriminals.

In the past, scams like these would require actual human intervention to place the fraudulent phone calls, similar to the notorious Jamtara cyber scams in India. However, with the advent of realistic AI voice models, the process has become even simpler. A malicious actor can now orchestrate thousands of these phishing attempts simultaneously, automating a once manual effort.

This incident highlights how hackers are leveraging a combination of fake emails, spoofed phone numbers, and advanced AI bots to deceive even cautious users. While there is no foolproof way to prevent such attacks at this moment, heightened awareness and vigilance can go a long way in keeping your Gmail account secure. In today’s world, Gmail is essentially a digital hub for both personal and professional activities, making it an attractive target for cybercriminals.

In addition to being cautious, it’s recommended that users regularly change the passwords of their digital accounts and activate two-factor authentication (2FA). Whether it’s through OTP, passkeys, or authenticator apps like Microsoft Authenticator, 2FA adds an extra layer of security that makes it more difficult for hackers to gain access to your account, even if they manage to guess or steal your password.
The key to staying safe from these attacks is constant vigilance.

Source: https://indianexpress.com/article/technology/artificial-intelligence/gmail-ai-spoofing-how-to-stay-secure-9617987/, Picture Credits: Search Engine Journal