Scammers Are Using AI to Pretend to Be Google



A recent incident, described in a personal blog by Sam Mitrovic, shows how AI-powered scam calls are becoming harder to discern. Mitrovic received a series of suspicious notifications and phone calls that mimicked legitimate Google communication—a threat that could have led to the loss of his Google account.




The events began with a Gmail account recovery attempt notification originating from the United States. This was followed by a missed call from a number displaying “Google Sydney” as the caller ID. About a week later, Mitrovic received another account recovery request, again from the United States. And this time, he answered the call from “Google Sydney,” which had a polite and professional American voice speaking from an Australian phone number.

The caller claimed there was suspicious activity on Mitrovic’s account, implying unauthorized access from Germany. Mitrovic was told his account data had been downloaded, referencing the earlier account recovery notification. Notably, the phone number used by “Google Sydney” appeared in official Google documentation, suggesting the number was legitimate.


Still, Sam asked the caller to prove their identity. The caller sent an email that appeared to be from a Google domain, but upon closer inspection, Mitrovic noticed the email’s “To” field contained an email address ending in “InternalCaseTracking.com,” which is not a Google domain. The caller’s voice, characterized as “too perfect,” also raised suspicion. Mitrovic, recognizing the potential for an AI-driven scam, hung up the call. After returning home and checking his Google account’s recent security activity log, Mitrovic only found his own login sessions. An examination of the email headers revealed that the email originated from an IP address associated with Amazon Web Services (AWS). This finding supports the possibility of the email being sent through a cloud-based platform used by scammers.


Google is aware of the issues that are coming from AI scammers and is combating online scams by partnering with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNSRF) to launch the Global Signal Exchange (GSE), a platform for sharing scams and fraud information. Google is also expanding its Cross-Account Protection tool, which helps protect users by sharing security notifications with apps and services linked to their Google accounts. However, this may not be enough because, according to The Lawstreet Journal, these AI companies have been targeting all 2.5 billion Gmail account holders. Google isn’t alone either, because even Apple customers are dealing with more advanced scammers.

It’s important to note that AWS itself is not involved in or responsible for fraudulent activities; rather, it is a service that was used. There are plenty of AI apps on the App Store that are used for scams, so it’s not going to stop anytime soon. The ability of scammers to mimic human voices and create realistic scenarios will likely make it much harder to distinguish legitimate calls and communications from frauds. So it’s better to always be very careful.


Source: Sam Mitrovic



Source link

Previous articleHow do the Fuji cameras compare?
Next articleBitcoin ‘Uptober’ in play ahead of US election