With AI growth, internet scams increase proportionally. Just recently, an expert in security shared with the general public a new high-level AI-based scam that is targeting its victims to steal the Gmail account details of such users.
The new threat should wake up all internet users about their vigilance as the technology comes to be powerfully used by cyber crooks.
'Super Realistic' AI-Powered Scam Calls
Frauds are using AI to make phishing attempts seem very real and very difficult to discern. The last time such a thing occurred was when security expert Sam Mitrovic recently shared his experience with an AI-driven scam call in a blog post.
He said the scam was "super realistic," and many people could have easily been taken in by it. Not the first time AI has been used in scams, though: in Mitrovic's account lies what the methods have come to be so advanced.
The fraud started with a message on Mitrovic's cell phone asking him to confirm a Google Gmail account recovery request that he had never submitted. He ignored the message and another missed call that he believed was from Google Sydney. But a week later, the same message came again, and this time he answered the follow-up call.
"Despite many red flags upon closer inspection, this call seemed legitimate enough to trick many people. My guess is that their conversion rate from calls answered would be relatively high," he said.
Read More: Beware Windows Users: Hackers Spread Lumma Stealer Malware Through Fake Human Verification Pages
How the Scam Went
As per Apple Insider, the scammer used a friendly, professional American male voice and told Mitrovic that shady activity had been taking place on his Gmail account for the past week. It was designed to sound believable in both time lengths since the last notification and the phone call.
While talking, he Google-searched the number the call was coming from, and it seemed to be one of those Google numbers, Mitrovic remembered. However, he knew that phone numbers can be spoofed easily as well. Even though the number was legitimate, the call was intended for questions relating to Google Assistant and not for Gmail account recovery, he said.
He knew something was amiss, and so, asked the caller to send him an email. A minute later, he saw that email which looked otherwise very authentic at a glance, but something didn't seem to make him right. The voice of the person at the receiving end also had a near-perfect pronunciation and spacing which elicited red flags that it was probably AI-generated.
For the Red Flags
Meanwhile, Mitrovic eventually hung up and realized he'd been talking to an AI voice, a pretty chilling reminder of how far along these scams have gotten. He later pointed out several red flags that stuck out in this scam:
- Gmail account recovery notifications unrequested: This was the first red flag that something was wrong. If you haven't requested a recovery, it's likely a phishing attempt.
- Valid numbers can be spoofed: Scammers can mask the number so that it appears to come from a reputable company, like Google.
- Google does not normally call the average Gmail account holder: Google will rarely call an individual Gmail account unless you have a Google Business Profile.
- AI-generated Voices Are Becoming Pretty Common: The voice's perfect pronunciation and spacing made it sound too robotic, making Mitrovic realize he was talking to an AI.
Why AI-Powered Scams are More Dangerous
The presence of AI in scams raises new challenges. Unlike the old classic phishing calls, where human scammers may make mistakes or lack patience, AI-driven scams are deployed on a much grander scale and are far more convincing. The frightening part is that AI allows scammers to mimic human conversation flawlessly, which makes it harder to detect fraud.
Most disturbingly, this could lead AI to minimize human involvement in such scams. As Mitrovic admits, with such scams these scammers can automate hundreds or thousands of these calls at the same time which will multiply the scope of victims.
How to Guard Against Yourself
Just like Mitrovic, who's now facing a rather costly experience, let's remind ourselves how we need to always be on our guard against such scams. Here's how you should protect yourself:
- Always confirm any requests or notices of suspicious activities directly from the company. Do not rely on emails or phone calls initiated by you.
- Never tell anyone any sensitive information, such as passwords or one-time authentication codes over the phone, especially if you did not initiate the call.
- Be aware of cold calls or emails, even though they look so authentic. Never take anything at face value; look for inconsistencies.
