InfoSecBulletin Cybersecurity for mankind
A new sophisticated scam is targeting Gmail users, using artificial intelligence to manipulate them into giving away account access. This “super realistic AI scam call” includes fake recovery notifications, spoofed phone numbers, and convincing AI voices to trick users.
The scam usually starts with an unexpected Gmail account recovery notification from a different country, according to a person named Sam who experienced it.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
If ignored, scammers will call about 40 minutes later, often displaying caller ID like “Google Sydney” to seem legitimate.
AI Scam Call Flaw:
“I Googled the phone number, which led me to official Google documentation.The number seems legit although I’m aware just how easy it is to spoof the number”, Sam added.
When answered, an AI-generated voice with a convincing American accent claims to be from Google support.
Scammers impersonate a “representative” to alert users about suspicious account activity, often citing logins from foreign countries. They claim that someone accessed the account and downloaded personal data to create urgency. To make their claims seem credible, they send a fake email that looks like it’s from a Google domain, but closer examination shows signs of forgery, like non-Google email addresses in the “To” field.
The goal is to get the victim to approve the initial account recovery request, which gives scammers full access to their Gmail. This access can lead to sensitive information theft, access to linked accounts, or further scams.
To Protect Yourself:
Never approve unexpected account recovery requests.
Be skeptical of unsolicited calls claiming to be from Google support.
Verify caller IDs and email addresses carefully.
Regularly check your account’s recent security activity.
When in doubt, contact Google directly through official channels.
As AI technology improves, scams are becoming more sophisticated. Stay vigilant and skeptical to avoid being a victim. If you suspect a scam, report it to Google and change your account passwords immediately.
