Billions of Gmail users at risk from sophisticated new AI hack — how to stay safe

Hackers are now targeting Gmail account holders with a “super realistic AI scam call” that can trick even the most experienced users. Given that there are more than 2.5 billion Gmail users based on Google's figures, it's little wonder that hackers are targeting Google's message platform in increasingly sophisticated phishing attacks.

Sam Mitrovic, a Microsoft solutions consultant, flagged the scam in a recent blog post detailing what happened to him. It started when he received a notification asking him to approve a Gmail account recovery attempt, a pretty common phishing technique intended to send the user to a fake login portal to quietly harvest their credentials. Mitrovic didn't fall for it and denied the request. About 40 minutes later, he received a notification that he'd missed a call claiming to be from Google Sydney.

Then, a week later, he got another notification request for account recovery approval. Just as before, about 40 minutes after he denied it, he got another call. This time he picked it up, and an American man claiming to be from Google Support was on the line. The man confirmed there was suspicious activity on his Gmail account and claimed an attacker had access to his account for a week and downloaded the account data. Mitrovic said that triggered alarm bells as he remembered the notification from a week prior.

While on the call, Mitrovic looked into the phone number that the call came from, and a quick Google search showed it was a legitimate number from Google's business page. Still, knowing that scammers commonly mask where a call is really coming from, he remained skeptical and asked for an email to be sent to him to confirm whether the supposed representative was the real deal. When the message arrived in his inbox, it looked genuine except that one of the addresses in the "to" field was a cleverly disguised non-Google domain. But the biggest giveaway would come next:

"The caller said Hello, I ignored it then about 10 seconds later, then said Hello again," Mitrovic wrote. "At this point I realized it as an AI voice as the pronunciation and spacing were too perfect."

At that point, realizing it was a scam, Mitrovic hung up. But it's scary to think about what might have happened if he'd approved the account recovery notification or given his credentials to the caller, allowing scammers to seize control of his account.

"The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale," Mitrovic explained. "People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it. There are many tools to fight the scammers, however, at an individual level the best tool is still vigilance, doing the basic checks as above or seeking assistance from someone you trust."

Google launches Global Signal Exchange to tackle online scams

Earlier this week, Google announced it's teaming up with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) to combat online scams. The initiative, called the Global Signal Exchange, is designed as an intelligence-sharing platform that generates real-time insights into scams, fraud, and other forms of cybercrime and shines a light on the facilitators behind them.

Google's Senior Director of Trust and Safety Amanda Storey explained in a blog post that the joint venture "leverages the strengths" of GASA's network of stakeholders and DNS RF's data platform with more than 40 million signals "to improve the exchange of abuse signals, enabling faster identification and disruption of fraudulent activities across various sectors, platforms and services."

The engine powering the Global Signal Exchange runs on Google Cloud, enabling "participants to both share and consume signals gathered by others while benefiting from Google Cloud Platform’s AI capabilities to find patterns and match signals smartly," Storey said.

How to stay safe from phishing scams

Phishing scams are one of the most common ways hackers try to steal your personal and financial information. Unlike with malware or malicious apps, these scams don’t require any software installs or other actions that may raise red flags. Instead, hackers trick you into clicking on links or downloading attachments.

That’s why it’s important not to rush when checking your inbox. Scammers often instill a sense of urgency, hoping to make you anxious or stressed enough that you’ll follow along with their instructions before you think too hard about it. Staying calm and cautious is key when handling phishing emails to avoid falling for their tricks.

Hackers frequently disguise themselves as popular brands in their phishing attempts by faking a company’s email address. Keep an eye out for clear red flags like misspelled words or poor grammar and double-check the sender's email address or phone number to make sure it's correct. If you're not 100% convinced whether the correspondence you receive from any company is real or not, it is always best to err on the side of caution.

To keep your computer safe from malware and other viruses that could come from opening a phishing email, it's important to install the best antivirus software on your PC, the best Mac antivirus software on your Mac and one of the best Android antivirus apps on your Android smartphone.

Alyse Stanley
News Editor

Alyse Stanley is a news editor at Tom’s Guide, overseeing weekend coverage and writing about the latest in tech, gaming, and entertainment. Before Tom’s Guide, Alyse worked as an editor for the Washington Post’s sunsetted video game section, Launcher. She previously led Gizmodo’s weekend news desk and has written game reviews and features for outlets like Polygon, Unwinnable, and Rock, Paper, Shotgun. She’s a big fan of horror movies, cartoons, and roller skating.

  • rgd1101
    You know it is a scam if Google calls you.
  • prettykitty
    "cease" in the article should be "seize".
  • okxoliverkoenig
    I also wondered about what it means, thought it could mean to cease the original owner's control of their account.