{"id":8905,"date":"2024-10-19T10:16:46","date_gmt":"2024-10-19T17:16:46","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=8905"},"modified":"2024-10-19T10:16:46","modified_gmt":"2024-10-19T17:16:46","slug":"gmail-users-warned-about-new-account-takeover-scam-heres-what-to-look-for","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2024\/10\/19\/gmail-users-warned-about-new-account-takeover-scam-heres-what-to-look-for\/","title":{"rendered":"Gmail Users Warned About New Account Takeover Scam: Here&#8217;s What To Look For"},"content":{"rendered":"\n<p>Beware the AI voice call scammers. The funny part is this AI nonsense costs a lot of money in processing power and electricity, with people being lured in now that it&#8217;s free while trying to sell subscriptions. It&#8217;s a lot more hype than substance. And many of the models are fed with bad information, so no matter how good the technology becomes, the end product is still worthless.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.zerohedge.com\/technology\/gmail-users-warned-about-new-account-takeover-scam-heres-what-look\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.zerohedge.com\/technology\/gmail-users-warned-about-new-account-takeover-scam-heres-what-look<\/a><\/p>\n\n\n<div class=\"wp-block-ub-divider ub_divider ub-divider-orientation-horizontal\" id=\"ub_divider_ada22f55-f794-450d-b389-00a343be88e6\"><div class=\"ub_divider_wrapper\" style=\"position: relative; margin-bottom: 2px; width: 100%; height: 2px; \" data-divider-alignment=\"center\"><div class=\"ub_divider_line\" style=\"border-top: 2px solid #ccc; margin-top: 2px; \"><\/div><\/div><\/div>\n\n\n<p>Authored by Jack Phillips via The Epoch Times<\/p>\n\n\n\n<p>A security researcher and a technology startup CEO are warning that some <strong>Gmail users could fall prey to a sophisticated, AI-based scam that could lead to their accounts being taken over.<\/strong><a 
href=\"https:\/\/www.zerohedge.com\/s3\/files\/inline-images\/image%28453%29.jpg?itok=dERjsDKM\"><\/a><\/p>\n\n\n\n<figure class=\"wp-block-image alignright is-resized\"><a href=\"https:\/\/www.zerohedge.com\/s3\/files\/inline-images\/image%28453%29.jpg?itok=dERjsDKM\"><img decoding=\"async\" src=\"https:\/\/assets.zerohedge.com\/s3fs-public\/styles\/inline_image_mobile\/public\/inline-images\/image%28453%29.jpg?itok=dERjsDKM\" alt=\"\" style=\"width:377px;height:auto\"\/><\/a><\/figure>\n\n\n\n<p>Garry Tan, chief executive of prominent tech-oriented venture capital firm Y Combinator, wrote on X late last week that there is a \u201cpretty elaborate\u201d phishing scam that uses an AI-generated voice.<\/p>\n\n\n\n<p>The scammers \u201c[claim] to be Google Support (caller ID matches, but is not verified),\u201d he <a href=\"https:\/\/x.com\/garrytan\/status\/1844526882592784634\">wrote<\/a> in an Oct. 10 post that he termed a \u201cpublic service announcement.\u201d<\/p>\n\n\n\n<p><strong>\u201cDO NOT CLICK YES ON THIS DIALOG\u2014You will be phished.<\/strong><\/p>\n\n\n\n<p>\u201cThey claim to be checking that you are alive and that they should disregard a death certificate filed that claims a family member is recovering your account. It\u2019s a pretty elaborate ploy to get you to allow password recovery.\u201d<\/p>\n\n\n\n<p>IT consultant Sam Mitrovic, in a blog post last month, <a href=\"https:\/\/sammitrovic.com\/infosec\/gmail-account-takeover-super-realistic-ai-scam-call\/\">wrote<\/a> of a similar scam attempt targeting Gmail accounts and also using an AI-generated voice.<\/p>\n\n\n\n<p>\u201c<strong>The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale<\/strong>,\u201d Mitrovic wrote in the post. \u201cPeople are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. 
Many people are likely to fall for it.\u201d<\/p>\n\n\n\n<p>According to the post, Mitrovic said he received a notification to approve an attempt to recover a Gmail account, which he ultimately rejected. He then received a phone call about 40 minutes later with a caller ID as \u201cGoogle Sydney\u201d and rejected it as well.<\/p>\n\n\n\n<p>\u201cExactly a week later,\u201d he said, \u201cmore or less exactly the same time, I received another notification to approve my Gmail account recovery again from the United States.<\/p>\n\n\n\n<p><strong>\u201cYou guessed it\u2014about 40 minutes later I receive a call which I pick up this time. It\u2019s an American voice, very polite and professional. The number is Australian. He introduces himself and says that there is suspicious activity on my account.\u201d<\/strong><\/p>\n\n\n\n<p>The person on the other line then asked if Mitrovic was traveling, to which he replied he was not, according to his account. The person then asked if Mitrovic was in Germany, to which he also said no.<\/p>\n\n\n\n<p>Mitrovic said he found the caller\u2019s number was an official one that was listed under Google Australia\u2019s IT support page, adding that he asked for a confirmation email, and the sender address also appeared to be an official account used by Google\u2019s team.<\/p>\n\n\n\n<p>\u201cIn the background, I can hear someone typing on the keyboard and throughout the call there is some background noise reminiscent of a call centre. He tells me that he has sent the email. 
After a few moments, the email arrives and at a first glance the email looks legit\u2014the sender is from a Google domain,\u201d he wrote.<\/p>\n\n\n\n<p><strong>But the researcher noted that \u201cspoofing an email address is easy and I notice that the To field contains an email address cleverly named GoogleMail at InternalCaseTracking dot com (non-Google domain).\u201d<\/strong><\/p>\n\n\n\n<p>\u201cThe caller said, Hello, I ignored it then about 10 seconds later, then said Hello again,\u201d he said, adding that at that moment, he realized the voice was AI-generated, \u201cas the pronunciation and spacing were too perfect.\u201d<\/p>\n\n\n\n<p>Mitrovic wrote that he hung up and called the number back. He then received a message that said, \u201cThis is Google Maps, we are currently unable to take your call.\u201d<\/p>\n\n\n\n<p>The researcher said he wasn\u2019t the only one who appeared to have been almost scammed, finding others who wrote that they were targeted by a similar scheme.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Public service announcement: You should be aware of a pretty elaborate phishing scam using AI voice that claims to be Google Support (caller ID matches, but is not verified)<br><br>DO NOT CLICK YES ON THIS DIALOG\u2014 You will be phished<br><br>They claim to be checking that you are alive and\u2026 <a href=\"https:\/\/t.co\/60zeuS2lL8\">pic.twitter.com\/60zeuS2lL8<\/a> \u2014 Garry Tan (@garrytan) <a href=\"https:\/\/twitter.com\/garrytan\/status\/1844526882592784634?ref_src=twsrc%5Etfw\">October 10, 2024<\/a><\/p>\n<\/blockquote>\n\n\n\n<p>\u201cThere are many tools to fight the scammers, however, at an individual level the best tool is still vigilance, doing the basic checks as above or seeking assistance from someone you trust,\u201d Mitrovic wrote.<\/p>\n\n\n\n<p>According to the blog post, the researcher said there were several hints to suggest<strong> it may have been an 
attempt to take over his Google or Gmail account.<\/strong><\/p>\n\n\n\n<p>Mitrovic noted that telltale signs of a scam include that one, he received account recovery messages that he did not initiate; two, it was a phone call, as Google does not call users unless they have a Google Business Profile; and three, the email he received had an address \u201cnot connected to a Google domain.\u201d Additionally, the email header showed \u201chow the email was spoofed,\u201d and a \u201creverse number search showed others who received the same scam call,\u201d he said.<\/p>\n\n\n\n<p>\u201cDespite many red flags upon closer inspection, this call seemed legitimate enough to trick many people,\u201d he wrote. \u201cMy guess is that their conversion rate from calls answered would be relatively high.\u201d<\/p>\n\n\n\n<p>The Epoch Times contacted Google for comment about Mitrovic\u2019s and Tan\u2019s warnings but received no response by press time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Beware the AI voice call scammers. The funny part is this AI nonsense costs a lot of money in processing power and electricity, with people being lured in now that it&#8217;s free while trying to sell subscriptions. It&#8217;s a lot more hype than substance. 
And many of the models are fed with bad information, so [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-8905","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/8905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=8905"}],"version-history":[{"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/8905\/revisions"}],"predecessor-version":[{"id":8906,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/8905\/revisions\/8906"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=8905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=8905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=8905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}