Gmail’s AI Hack Scare: Security Warning For 2.5 Billion Users

By Michael Smith


Phishing is one of the oldest tricks in an attacker’s handbook, and it has proven effective time after time. We usually assume that these attacks only work on uninformed or less educated users, but alarming reports now state that almost all users of Gmail, the most popular email service in the world, are susceptible to sophisticated AI-based phishing attacks that are hard to detect, even for someone who works as a solutions consultant at Microsoft.

We are talking about Sam Mitrovic, a Microsoft solution consultant who brought an alarming phishing attempt he faced to the public through his LinkedIn blog. According to Google’s data, the Gmail emailing service has about 2.5 billion users.

So, it is a no-brainer why the attackers chose Gmail users. Let’s look at Sam Mitrovic’s experience and at what the Gmail security warning is all about. We will also cover how you can stay away from the new AI-based Gmail hack.

Gmail’s AI Hack Scare: What Happened to Sam Mitrovic?


The Gmail phishing attacks using sophisticated Artificial Intelligence technologies came to light when Sam Mitrovic, a Microsoft solution consultant, described his near-miss experience in a blog post. It all started with a notification that Mitrovic received on his phone, asking him to confirm a Gmail account recovery attempt. When he took no action on the notification, he received a call as well.

The call was supposedly from Google’s Sydney, Australia division, while the notification was sent from America. As Mitrovic has some knowledge of phishing attacks, he was aware that these are some of the most common phishing tricks, which prompt the user to click on a link and reveal vital information such as credentials.

However, the scary phase of this phishing attack happened a week later. Mitrovic first got a Gmail account recovery message and, about 40 minutes later, a call. This time, he picked up the call. The caller said that they were from the Google Support team and were contacting him in response to suspicious activity in his Gmail account.

The caller informed Mitrovic that his account was logged in from a foreign location, corroborating the previous messages he got. They also informed Mitrovic that the perpetrators managed to access all his data.

While this news scared Mitrovic at first, he acted reasonably and googled the number he was talking to. The number belonged to Google, but it was not a customer support number; it was the number used for making calls from Google Assistant. So, Mitrovic’s reasonable and informed intervention saved him from a cyber attack.

However, you cannot expect all users to be this cautious about the calls and messages they are getting from perpetrators who are pretending to be customer support. With sophisticated AI models, they can appear as real as they can be. 

Gmail AI Hack: Security Warning 

Gmail accounts not only give access to the email service but almost all the services Google and other applications provide. So, giving Gmail credentials to a scammer through phishing attacks can be critical to your privacy on various levels. It can affect your work through Google Workspace, and your files through Google Drive and Photos. 

This is why AI-based attacks on Gmail are alarming. In a post shared on the X platform (formerly Twitter), Garry Tan, the founder of a venture capital firm and startup accelerator Y Combinator, warned about another elaborate AI-based phishing attack aimed at Gmail users. Here again, the attackers used AI to disguise themselves as the Google customer support team.

The attackers claimed that Tan needed to confirm his credentials to prove he was the owner of the account, because they had received recovery requests from someone claiming that the original owner of the account had passed away. The story is meant to instill fear in users, make them vulnerable, and get them to give up their credentials.


Gmail AI Hack: Google Takes Actions 

Google announced earlier this week that it is teaming up with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation (DNS RF) to fight against scams. The project is code-named “Global Signal Exchange”. It aims to provide real-time insights into scams, fraud, and other cyber attacks in order to warn users about potential dangers.

While this might not put an end to all cyber attacks, it is a start toward better security. In a blog post, Amanda Storey, the Senior Director of Trust and Safety at Google, remarks that the joint venture with GASA and DNS RF can leverage the strength of both in one single platform.

Additionally, it is an added advantage that Google’s AI-based systems can find patterns from the collected data, to provide faster insights into cyber-attacks and hacks. 

AI Attacks: How to Stay Safe?

We have already seen how the new, sophisticated AI-based phishing attacks try to extract Gmail credentials. Since they are highly elaborate and multi-layered, these scams can be hard to detect and easy to fall for.

When we study the examples we have seen above, we can see that scammers can come in any shape or form. Not just as the customer support team, but as government officials, representatives of law enforcement agencies, and even as a delivery executive.

So, it is extremely important to always stay vigilant and give yourself enough time to think about whether the person you are speaking to is a scammer who is only trying to extract credentials, or whether they are genuinely trying to help you.

Here are some ways to stay away from phishing attacks in general: 

  • Check the URL: The scammers will take you to websites that look similar to the application you are using. However, you can verify the legitimacy of a site by examining its URL. Check if the URL belongs to the website you are using.
  • Be skeptical: If someone is contacting you pretending to be the customer support executive, ask questions, and check if the person answers authoritatively. Additionally, you can contact customer support directly to check the authenticity of the call you received.
  • Ignore suspicious links: Don’t open files or links received from unknown senders. You may also hover over the link to see the full URL and check if it matches the official website of the service they say they are from.
  • Beware and stay informed: Knowledge about various cyber attacks happening around the world can further enhance your skepticism and may help you avoid a majority of phishing attacks. 

The above-mentioned precautions are some of the safety measures that may protect you from a wide range of phishing attacks. However, none of them can reduce the possibility of falling for a phishing attempt to zero. If you fall victim to a phishing attack or any other cyber attack, immediately contact your service provider and initiate recovery attempts.
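The "Check the URL" and "hover over the link" advice in the list above can be made mechanical. The following Python sketch is an added example, not code from the article or from Google; the trusted domain set and all sample links are assumptions constructed for illustration. It checks the host a link really leads to, rather than whatever text appears in it.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain the reader trusts for sign-in.
TRUSTED_DOMAINS = {"google.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link that claims to lead to a trusted service."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no host name"
    # Text before '@' is login data, not the site; the real host follows it.
    if parts.username is not None:
        return False, "userinfo before '@' hides the real host"
    # Non-ASCII or punycode labels can render like a familiar name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised look-alike host"
    # The trusted name must be the END of the host, on a label boundary.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not under a trusted domain"

# Constructed sample links (reserved example domains, not real indicators).
SAMPLES = [
    "https://accounts.google.com/signin/recovery",
    "https://accounts.google.com.verify-login.example/recovery",
    "https://accounts.google.com@login.example.net/recovery",
    "https://accounts.g\u043e\u043egle.com/signin",  # Cyrillic 'o' characters
    "https://notgoogle.com/recovery",
    "http://mail.google.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print(("OK    " if ok else "REJECT"), link.encode("ascii", "backslashreplace").decode(), "-", reason)
```

A passing result only means the link points at the expected domain; it says nothing about a phone call or message that accompanies it.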


Conclusion 

AI-based phishing attacks on Gmail have come to light in recent weeks with many users pointing out that the scammers were pretending to be the customer support team of Google.

The elaborate methods they have used to phish user credentials are alarming and highly concerning, especially when we realize that Gmail has more than 2 Billion users. However, these phishing attempts can be detected by staying skeptical and taking proper precautions.
