According to Google, Gmail has more than 2.5 billion users.Image: Google
Cybercriminals use artificial intelligence to deceive email users. New AI voice scam could threaten billions of email users.
October 16, 2024 09:00October 16, 2024 10:07
Marcel Hozenek/t-online
An article by
Cybercriminals have developed a new, sophisticated scam that theoretically threatens billions of email users around the world. As American magazine Forbes writes, fraudsters rely on artificial intelligence (AI) to deceive their victims. The attacks are so sophisticated that even experienced users are at risk of falling for them, the report said.
This is how the scam works
The scam starts with a seemingly innocuous account recovery email – in this case, it affected Google's Gmail account. Soon after, the scammer received a call, pretending to be a Google employee. The tricky part is that the phone number displayed actually matches the official Google contact details.
The first stage of the attack is to recover your account through such phishing emails.
Attackers also use state-of-the-art speech synthesis technology to deceptively imitate human voicesit continues. They combine these with social engineering techniques such as feigning urgency. The aim is to convince victims to reveal their access data.
Currently, Americans appear to be the main targets, but phishing methods using cloned voices may soon target German speakers as well. To do this, the fraudsters would have to train the AI voice in German, which would happen sooner or later.
Experts use AI voting to explain fraud
Microsoft experts warn of phishing emails and scam calls
Microsoft employee Sam Mitrovic became aware of the scam attempt. He described the entire process in a blog and warned all Gmail users to be aware of this “terrible scam.”
At first glance, this appears to be one of many phishing attacks. Mitrovic received an email asking him to reinstate his account. So far, 2024 has been pretty normal.
Things got more complicated when Mitrovic received a call a few minutes later, which, according to the number, was also purported to be from Google. The IT consultant also ignored this and quickly forgot about it.
It was only a week later that the depth of the fraudsters' persistence in this case became apparent. Mitrovic received another email and a few minutes later another phone call. This time he accepted it.
“It was an American voice, very polite and professional,” the IT expert recalled on his blog. This alerted him to suspicious activity on his Google account, and it was reported that someone from Germany had logged into the U.S. account.
Scammers use artificial intelligence to commit fraud
To protect himself, Mitrovic asked over the phone to send him an email about the case – usually an easy option for detecting attempted fraud. But this works too; the corresponding sender address doesn't look suspicious at first. The caller's number can even be identified online as an actual Google support number.
“I know how easy it is to fake this number,” the expert explains. Seconds later it turned out that this was actually happening. Because when Mitrovic stopped responding to the caller's “hello,” he would only hear another “hello” that sounded exactly the same after a brief pause.
To experts, this is a clear indication that artificial intelligence is behind the call. “I could have asked him to sing me a song,” he explained. When he wants to test this with a callback, it only sends to the mailbox.
But Mitrovic knew this phishing attempt was beyond anything he had seen before. “A lot of people could be fooled,” he said. There have been several posts on social media about nearly identical cases.
Public Service Announcement: You should be aware of a fairly sophisticated phishing scam using an AI voice that claims to be powered by Google (Caller ID match, but not verified)
Do not click “Yes” on this dialog – you will be subject to phishing
They claim to be checking to see if you are alive and… pic.twitter.com/60zeuS2lL8
— Gary Tan (@garrytan) October 10, 2024
It's not entirely clear whether the fraudsters are launching scam attempts on a global scale. However, Gmail users, and certainly other email users, should currently be wary when it comes to so-called authentication processes.
In this context, experts repeatedly point out that companies never discuss sensitive data over the phone. If you have questions, you should contact the appropriate support person personally. If you receive a suspicious call, it's best to hang up immediately.
Google is responding to threats
To combat such threats, Google recently launched Global Signal Exchange (GSE). The platform is designed to share threat intelligence and was created in partnership with the Global Anti-Fraud Alliance and the DNS Research Consortium.
Amanda Storey, head of trust and safety at Google, explained the goals of the program: “GSE is designed to improve the exchange of abuse signals and enable faster identification and disruption of fraudulent activity.” The platform is designed to provide real-time insights into fraud and cybercrime patterns .
This is how you can protect yourself
Experts recommend being cautious when encountering unexpected contacts, even if they appear trustworthy. Important protective measures include:
- Never give out sensitive data such as passwords, credit card details, etc. over the phone or via email
- Stay calm and don't put yourself under pressure.
- Never transfer money when requested or under time pressure
- Also double check the sender address and phone number If you have any questions, please contact support directly through official channels.
die Enable two-factor authentication provide a Important extra security For online accounts, whether email, online stores, or other accounts. Google also recommends using the Advanced Protection Plan, which now also offers key support. This combination makes it nearly impossible for hackers to gain access to accounts, even if they steal the credentials.
(t-online/watson.de/oli)
Sources used:
The new Google Camera can do it
1/13
The new Google Camera can do it
Sample photos of the 2023 Pixel 8 Pro. Can the new Pixel 9 Pro be convincing too?
Source: Watson/Oliver Wietlisbach
Time travel through Paris: Google Maps introduces augmented reality
Video: Watson
You may also be interested in:
The specially interactive horror game Until Dawn receives a revamped new version to coincide with the gloomy autumn and Halloween seasons. But is it really worth playing again?
In 2015, we were particularly impressed by the PlayStation 4 game Until Dawn: like a classic horror film, we accompanied a group of teenagers who were being hunted in isolation by a deranged killer. Who can survive the joy, and who must leave the stage bloody? At various points, we're allowed to take our fate into our own hands and send characters on specific story paths.
