InfoSecBulletin Cybersecurity for mankind
A new sophisticated scam is targeting Gmail users, using artificial intelligence to manipulate them into giving away account access. This “super realistic AI scam call” includes fake recovery notifications, spoofed phone numbers, and convincing AI voices to trick users.
The scam usually starts with an unexpected Gmail account recovery notification from a different country, according to a person named Sam who experienced it.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
If ignored, scammers will call about 40 minutes later, often displaying caller ID like “Google Sydney” to seem legitimate.
AI Scam Call Flaw:
“I Googled the phone number, which led me to official Google documentation.The number seems legit although I’m aware just how easy it is to spoof the number”, Sam added.
When answered, an AI-generated voice with a convincing American accent claims to be from Google support.
Scammers impersonate a “representative” to alert users about suspicious account activity, often citing logins from foreign countries. They claim that someone accessed the account and downloaded personal data to create urgency. To make their claims seem credible, they send a fake email that looks like it’s from a Google domain, but closer examination shows signs of forgery, like non-Google email addresses in the “To” field.
The goal is to get the victim to approve the initial account recovery request, which gives scammers full access to their Gmail. This access can lead to sensitive information theft, access to linked accounts, or further scams.
To Protect Yourself:
Never approve unexpected account recovery requests.
Be skeptical of unsolicited calls claiming to be from Google support.
Verify caller IDs and email addresses carefully.
Regularly check your account’s recent security activity.
When in doubt, contact Google directly through official channels.
As AI technology improves, scams are becoming more sophisticated. Stay vigilant and skeptical to avoid being a victim. If you suspect a scam, report it to Google and change your account passwords immediately.
