As hackers continue to evolve their tactics, Gmail users are facing increasingly sophisticated phishing attacks driven by artificial intelligence.
According to Google, Gmail serves more than 2.5 billion users worldwide, making it an attractive target for scammers and cybercriminals.
In a recent incident, Sam Mitrovic, a Microsoft solutions consultant, narrowly avoided falling victim to a convincing AI-driven phishing scam. The attack began with a Gmail account recovery request and culminated in a phone call from someone claiming to be from Google support.
“He asks if I’m traveling,” Mitrovic recounted, according to a report by Forbes. “When I said no, he asks if I logged in from Germany, to which I reply no.” The caller then escalated the fear by claiming that an attacker had accessed Mitrovic’s Gmail account for the past week.
While on the call, Mitrovic performed a quick online search and found the phone number was listed on Google’s business pages, which made the scam appear more legitimate. It wasn’t until the caller’s voice seemed artificially perfect that Mitrovic realized he was speaking with an AI-driven scammer.
This sophisticated phishing attempt mirrors another recent case shared by Garry Tan, the founder of Y Combinator.
Tan issued a warning after receiving a similarly elaborate AI-driven phishing call, in which the scammer claimed they were verifying his identity after receiving a fake death certificate. “Do not click yes on this dialog,” Tan urged, noting that the phishing scam was aimed at recovering his account by bypassing standard security measures.
In addition to AI-powered phone scams, cybercriminals are also abusing legitimate Google tools, like Google Forms, to add credibility to their phishing schemes.
By sending official-looking emails from Google servers, scammers are able to reduce suspicion and trick users into giving up their credentials.
To combat these increasingly sophisticated attacks, Google has launched the Global Signal Exchange (GSE) in collaboration with the Global Anti-Scam Alliance and the DNS Research Federation.
GSE aims to provide real-time insights into cybercrime by sharing intelligence on scammers and fraudsters. “The ultimate goal,” Amanda Storey, Google’s senior director of trust and safety, said, “is to create a user-friendly solution that operates at the scale of the internet.”
Gmail users are advised to stay vigilant, especially when receiving unsolicited account recovery requests or phone calls.
If contacted by someone claiming to be from Google support, it’s crucial to remain calm, avoid sharing personal information, and double-check the authenticity of the call or email before responding.