This AI Gmail Scam Is Scarily Realistic: Here’s How to Stay Safe

It’s no secret that bad actors are using AI to create more believable scams, but until now, they haven’t fooled many. However, as AI models become more advanced, these tricks become increasingly realistic.

Now, there are reports of a particularly nasty Gmail scam that can easily trick even the most wary person out of their account.

How the Gmail AI Scam Works

The scam was first documented on Sam Mitrovic’s blog. This attack combines AI voices with convincing email spoofing tactics to create a realistic customer support scam.

The scam begins with an attempt to log into your Google account, which sends a notification to your device. If you decline the login attempt, the scammers call you 40 minutes later and use an AI voice to act as a fake customer support agent.

The AI voice claims to be from Google and states that your account has been hacked—hence the notification from earlier. It will then ask you for your personal information, which the scammer can use to access your account.

The scary part of the scam is how authentic everything looks. As Sam Mitrovic noted, the phone number calling his device looked like it came from Google. Sam also received an email that looked professional and had a believable sender, which you can see below.

Image: An example of the Gmail AI scam email (credit: Sam Mitrovic)

How to Avoid the Gmail AI Scam

As convincing as the scam is, it still has a few red flags that give it away. For one, Google will never call you on your phone unless the account in question is a Business Profile, so anyone claiming to be from the search giant should immediately set off alarm bells.

If you’re worried that someone has actually accessed your account, hang up on the caller and visit Google Help. Contact support and let them know what the person on the line said. If it was real, the support agent should help you rectify the issue; if it wasn’t, they should let you know and reassure you.

If you want to take matters into your own hands, look out for signs that your Google account has been hacked; if nothing turns up, it was a scam.