A security expert and a tech startup CEO have cautioned Gmail users about a sophisticated AI-based phishing scam that could lead to account takeovers.
Last week, Garry Tan, the CEO of Y Combinator, shared a warning on X (formerly Twitter) about a "complex" phishing scam involving AI-generated voices. He stated that scammers impersonate Google Support and use caller IDs that seem legitimate but are not verified. Tan advised users to avoid clicking “Yes” on any such prompts, as doing so could allow scammers to recover passwords.
The scam involves fraudsters claiming they are verifying the user’s status after a false death certificate was filed, allowing a supposed family member to recover the account. Tan described the scam as highly elaborate.
In a related incident, security researcher Sam Mitrovic detailed a similar attack on Gmail accounts. Mitrovic explained how these scams have become more advanced, convincing, and widespread. He shared his experience of receiving an account recovery request, which he declined. Later, he received a call from someone claiming to be from Google, with a seemingly legitimate caller ID. Although the call appeared authentic, Mitrovic rejected it.
A week later, Mitrovic encountered a nearly identical attempt, but this time, he answered the call. The caller, with an American accent, asked if Mitrovic was traveling, attempting to convince him that suspicious activity had been detected. Though the call sounded genuine, Mitrovic became suspicious when he noticed the email address in a follow-up message was not a real Google domain, despite looking official.
Upon further inspection, Mitrovic noticed inconsistencies in the interaction and eventually realized the voice on the other end was AI-generated. He cut off the call, realizing he had narrowly avoided falling victim to the scam. He also found others online who had encountered similar schemes.