Gmail is used by approximately 2.5 billion users worldwide and is a frequent target for scammers. If you use Gmail, you've probably encountered phishing emails impersonating popular companies like Microsoft, Google, and Apple. These scams are often easily spotted due to suspicious email addresses and other red flags such as poor grammar or urgent requests for personal information.
However, new AI-powered scams are widespread and much harder to detect unless you're very careful. Wondering how this scam works and how to protect yourself? Thank you for your help. This article provides real-world examples and practical tips for protecting your information.
Get security alerts, tips from experts – Sign up for Cart Newsletter – Cyber Guy Report here
A new AI-powered scam is targeting Gmail users. (Kurt “Cyber Guy” Knutson)
How does this scam work?
According to Sam Mitrovic, Microsoft Solutions Consultant: shared his stuff experience You're being targeted by an elaborate scam preying on Gmail users. He explained how it all started with a seemingly innocuous notice:
“I recently received a notification approving an attempt to recover my Gmail account. The request was from the United States. I declined the request, and about 40 minutes later I received a missed call. The caller of the missed call. The ID was Google Sydney.
Sam ignored the missed call, but the same pattern repeated exactly one week later. He received another Gmail account recovery notification from the US, then another call. This time he answered.
“An American voice, very polite and professional. The number is Australian. He introduced himself and said there had been suspicious activity on my account. He told me that I was going on a trip. When I said no, he asked if I was going. I logged in from Germany and I said no. He says someone accessed my account from a week ago and downloaded my account data (then flashed back to the recovery notice from a week ago).
Sam immediately Googled the phone number and it was published in Google's official documentation. Still skeptical, he asked the caller to email him for confirmation. When the email arrived, the sender appeared to be legitimate and from a Google domain. But Sam noticed the red flags. The “To field” contained an email address named GoogleMail at InternalCaseTracking dot com. This address does not belong to Google.
Sam investigates and finds out that the other person is not a human but an AI. This approach is part of a well-known phishing technique aimed at confirming account recovery or password reset. But when combined with AI-powered call and email spoofing, this scam becomes especially dangerous.
Scammers may target account recovery notifications in Gmail. (Kurt “Cyber Guy” Knutson)
A flaw in Windows could allow hackers to break into your PC via Wi-Fi
How do scammers fake Google email addresses?
Mitrovic noted that the scammers spoofed the sender's email address to make it appear as though it was from Google. They used Salesforce CRM, a platform that allows users to customize sender information when sending emails via Gmail or Google servers.
CyberGuy reached out to Google for comment, but did not receive a response in time for publication.
Best antivirus software for MAC, PC, iPhone, and Android – Cyberguy's pick
Scammers can spoof Google email addresses. (Kurt “Cyber Guy” Knutson)
Cyber crooks use AI to manipulate Google search results
5 ways to protect yourself from Gmail AI scams
1) Understand Google's automated support system: Google has billions of users, and contacting them about issues requires significant resources. Everything is automated and Google won't call Gmail users unless they're connected to a Google Business profile.
2) Carefully inspect email addresses. Always check your email address carefully. In this case, the email contained a recipient address that was not associated with a Google domain. Additionally, the victim's Google account had no active sessions other than his own.
3) Be careful with links and attachments. Don't click on links or download attachments from unknown or suspicious emails. Instead, type the URL into your browser to go directly to the website.
The best way to protect yourself from malicious links that can install malware and access your personal information is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.
4) Enable two-factor authentication (2FA). use 2FA Add an extra layer of security to your account. This requires a second form of authentication, such as a text message or an authenticator app, making it difficult for fraudsters to gain access even if they know your password.
5) Monitor your account regularly. Please closely monitor your account for unusual activity. Set notifications for login attempts and changes to account information. Early detection can prevent further damage.
Prevent people nearby from hearing your voicemails with this simple tip
Cart important points
While AI has some useful uses, it is being exploited more aggressively by fraudsters to make their plans more believable. The Gmail AI scam shows how AI can make fraud difficult to detect, and anyone can fall victim to these scams if they're not careful. Google needs to work on improving its fraud filters to prevent these impersonation scams from reaching people's inboxes. You can also do your part by being cautious and avoiding unknown links.
How confident are you in your ability to identify scams? What resources do you use to learn about online security? Email us at. Cyberguy.com/Contact.
CLICK HERE TO GET THE FOX NEWS APP
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask your cart a question or let us know your story you'd like us to feature.
Follow Kurt on his social channels.
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.
