A surge in AI-driven scams is now targeting Gmail users, and even experienced professionals are struggling to avoid them. These phishing schemes, which imitate Google support, are becoming increasingly sophisticated, and it is alarming when experts in the field raise a red flag. Sam Mitrovic, a consultant at Microsoft, recently recounted how he nearly fell prey to a very convincing scam phone call.
The Start of a Deceptive Scheme
It all began with what seemed like a normal notification about a Gmail account recovery. Mitrovic decided to ignore it, but about 40 minutes later, he received a call from someone claiming to be from Google support. The caller, who spoke with an American accent, inquired whether Mitrovic had logged in from Germany and asserted that someone had been accessing his account for a week. Although Mitrovic sidestepped the trap, he highlighted just how polished and believable the scam was, even replicating Google’s official phone numbers (in his case, an Australian number) to lend it more authenticity.
Another Victim's Close Call
Garry Tan, a venture capitalist and the founder of Y Combinator, also alerted others about a similar phishing scheme. In his instance, the scam suggested that a family member had submitted a death certificate to retrieve his account. The AI-powered caller pressured Tan to confirm his identity in a manner that was meant to induce panic, similar to Mitrovic's experience.
These scams evidently leverage AI's ability to mimic genuine conversations and imitate real Google processes. The attackers even use tools like Google Forms to make their scams look more authentic, tricking users into thinking the threat is genuine. Both Mitrovic and Tan caution that anyone, no matter how tech-savvy, could be caught off guard by these advanced tactics, especially at the wrong moment or in the wrong situation. Moreover, these scams are likely to become harder to identify as AI technology evolves.
Google's Response to the Threat
To combat these dangers, Google has teamed up with the Global Anti-Scam Alliance and the DNS Research Federation to introduce the Global Signal Exchange. This initiative aims to share real-time information about scams across various sectors. Furthermore, Google’s Advanced Protection Program now includes support for passkeys, providing an additional layer of security that could determine whether you keep your account or lose it.