Those who use Gmail are being warned to be vigilant as a scam has been flagged that is using a new tactic to try and steal personal data and gain full access to accounts. The highly sophisticated and 'devastating' attacks are switching to AI in a bid to trick email account holders.
Users were first warned about the new threat all the way back in May last year with America's FBI law enforcement agency issuing an alert after spotting a rise in Artificial Intelligence scams. Some were so serious, the attacks were leaving people with money and their identity stolen by online crooks.
At the time, FBI Special Agent in Charge Robert Tripp said: "Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data."
Since then, even more people have been targeted, the Mirror has reported. The team at Malwarebytes has now issued new guidance on what to watch out for and how to stay safe. According to these security experts, the new scams start with users receiving phone calls claiming their Gmail accounts have been compromised.
This is followed by a legitimate-looking email that appears to have come directly from Google.
"The goal is to convince the target to provide the criminals with the user's Gmail recovery code, claiming it's needed to restore the account," Malwarebytes explained.
If the target is fooled, the criminals not only have access to the target's Gmail but also to a lot of services, which could even result in identity theft. One of those targeted has even written a full blog post about his experience. Sam Mitrovic, a Microsoft solutions consultant, said he received a notification to approve a Gmail account recovery attempt.
This was then followed by a call, which sounded genuine, saying there had been suspicious activity on his account. Luckily, Mitrovic realised something was wrong and hung up.
"The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale," Mitrovic explained.
"People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it."
Along with these account recovery scams, the FBI has added another warning about unsolicited emails and text messages which contain a link to a seemingly legitimate website that asks visitors to log in. The linked websites are fakes, specially designed to steal the credentials.
If you receive a call from Google and are then sent a link, be very careful before clicking or handing over any details, as it's likely to be a scam. Malwarebytes has now issued this advice to help users stay safe.
How to avoid AI Gmail phishing
Never click on links or download files from unexpected emails or messages
Don't enter personal information on a website unless you are certain it is legitimate
Use a password manager to autofill credentials only on trusted sites
Monitor your accounts for signs of unauthorised access or data leaks
Verify security alerts by visiting your Google Account page directly instead of using links in emails
Use multi-factor authentication (MFA) for all accounts
Protect your devices with up-to-date security software (such as Malwarebytes Premium Security), and use text protection and text message filtering on your mobile device