A recent blog post by Sam Mitrovic, a Microsoft solutions consultant, has raised alarms about a sophisticated AI-powered cyberattack targeting Gmail’s 2.5 billion users. The attack involves scammers impersonating Google Support through realistic AI-generated phone calls.
Mitrovic detailed his experience with the scam, which began when he received a notification requesting approval for a Gmail account recovery attempt—a common phishing tactic. After ignoring the initial alert, he received another notification indicating he had missed a call from “Google Sydney.”
A week later, he experienced the same notifications, prompting him to answer the call. The individual on the line claimed there was suspicious activity on his Gmail account and stated that the attacker had accessed his account data. Alarmingly, the phone number appeared legitimate, originating from a Google business page.
However, Mitrovic soon recognized that the voice on the call was AI-generated. The speaker’s unnaturally perfect speech and repetitive phrases, such as “Hello,” raised suspicions.
This type of scam is designed to capture user credentials, often employing session cookie malware that can bypass two-factor authentication—if it is enabled.
As cyber threats evolve, users are urged to remain vigilant and cautious when receiving unsolicited calls or messages, even from seemingly trusted sources.
Leave a Reply