Deepfake robocalls + fake emails = the most dangerous Gmail scam yet…
Gmail users worldwide, totaling 1.8 billion, have been put on high alert regarding a sophisticated scam that exploits AI technology to access their accounts. This fraudulent scheme combines deepfake robocalls and counterfeit emails to bypass user security measures.
Gmail users alerted to AI-driven scam targeting accounts
Victims receive a call claiming that suspicious activity has been detected in their Gmail account, followed by an email outlining steps to remedy the situation. The email contains a link to a fake website that mimics Google’s, prompting users to enter their login information.
Cybersecurity experts have indicated that the primary objective of this scam is to persuade targets to provide their Gmail recovery codes under the pretext that it is necessary to regain access to their accounts. These tactics not only threaten Gmail accounts but also any service linked to the platform.
The FBI warned that such sophisticated scams could lead to significant financial losses, reputational harm, and the compromise of sensitive information. Malwarebytes reported that users should heed this warning, as the cost of advanced email attacks can be surprisingly low, starting at just $5, according to a study by McAfee’s State of Scamiverse, which revealed that a convincing deepfake can be generated in under ten minutes.
While previous warnings from the FBI emphasized the use of AI to create deceptive videos and emails, the latest findings by Malwarebytes reveal the integration of robocalls and emails in current schemes. Experts noted that while the components of these attacks are not new, their combination enhances the campaign’s effectiveness.
To help users avoid falling prey to these scams, Malwarebytes has provided guidance. Users are advised not to click on links or download attachments from unexpected emails, and to ensure that any websites they input personal information into are legitimate. The company also recommends utilizing password managers to fill in credentials only on trusted sites and to monitor accounts for unauthorized activity.
FBI: Use a secret code to outsmart AI scams
The FBI has recently issued advisories for iPhone and Android users regarding a surge in scams aimed at accessing personal and banking information. These scams have evolved to use caller ID spoofing to impersonate banks and law enforcement agencies, heightening their sophistication.
Authorities in Long Island, New York, reported instances where individuals received calls from someone claiming to be a Suffolk County Police Department member, falsely stating that the residents had outstanding warrants and soliciting money. The FBI has urged anyone receiving such calls to refrain from offering personal information and to terminate the call immediately.
If individuals suspect they have been targeted by a scam, they are instructed to contact the genuine organization the caller impersonated, using verified contact information. Experts emphasize that major tech companies like Google and Microsoft do not make unsolicited calls to users.
Cybersecurity expert Dave Hatter cautioned users against engaging with unsolicited callers, asserting that they should regularly review their account activity through privacy settings to verify its accuracy. Users are strongly advised not to respond to requests for sensitive information over phone calls or emails and to treat urgent communications with skepticism.
Featured image credit: Solen Feyissa/Unsplash
