Major Security Alert Issued for 2 Billion Gmail Users Against Clever AI Hack

Google has been steadily enhancing its defenses to safeguard Gmail accounts from potential breaches. However, as these protections evolve, so too do the tactics of cybercriminals, who are now leveraging artificial intelligence to craft increasingly sophisticated attacks.

The scale of this challenge is immense, given that Gmail boasts a user base exceeding 2.5 billion, according to Google’s statistics. This vast number of accounts presents an attractive target for hackers and scammers, who see each user as a potential victim.

Gmail logo on a smartphone, AI concept icon in the background

The gravity of this situation has been underscored by Sam Mitrovic, a Microsoft solutions consultant, who recently shared a warning to all Gmail users.

Mitrovic nearly fell prey to what he described as a “super realistic AI scam call.” This incident serves as a stark reminder that even those well-versed in technology can be vulnerable to these advanced deception techniques.

How The Scam Works

In a recent blog post, Mitrovic detailed a sophisticated attack that nearly compromised his Gmail account. The incident began a week before Mitrovic fully grasped the complexity of the threat he was facing.

Initially, Mitrovic received a notification prompting him to approve a Gmail account recovery attempt. This type of request is a well-known phishing tactic, often used to lure users to fake login portals where they unwittingly enter their credentials. Aware of such schemes, Mitrovic ignored both the notification, which appeared to originate from the U.S., and a subsequent missed call purportedly from Google in Sydney, Australia, about 40 minutes later.

However, the situation escalated precisely one week later. Mitrovic received another account recovery approval request, followed by a phone call 40 minutes later. This time, he answered the call. An American voice, claiming to represent Google support, informed Mitrovic of suspicious activity on his Gmail account.

The caller, posing as a Google support representative, began by asking seemingly innocuous questions about Mitrovic’s travel status and login locations. This tactic was meant to build trust while simultaneously instilling fear in the recipient.

The impersonator claimed that an attacker had been accessing Mitrovic’s Gmail account for the past week and had already downloaded account data. This revelation struck a chord with Mitrovic, as it coincided with the recovery notification and missed call he had received a week earlier.

In an attempt to verify the caller’s legitimacy, Mitrovic searched the incoming phone number online while still on the call. To his surprise, the number led to Google business pages, a clever ploy likely to deceive many unsuspecting users caught in the heat of the moment. However, the page was not for Google support but rather for Google Assistant calls.

The genuine Google page provided information about automated calls from Google, stating, “At the start of the call, you’ll hear the reason for the call and that the call is from Google. You can expect the call to come from an automated system or, in some cases, a manual operator.” This information, while accurate, inadvertently lent credibility to the scammer’s approach.

Users are recommended to double-check any such scam attempts as soon as they come across one.

Follow ProPakistani on Google News & scroll through your favourite content faster!

Support independent journalism

If you want to join us in our mission to share independent, global journalism to the world, we’d love to have you on our side. If you can, please support us on a monthly basis. It takes less than a minute to set up, and you can rest assured that you’re making a big impact every single month in support of open, independent journalism. Thank you.



Get Alerts

Follow ProPakistani to get latest news and updates.


ProPakistani Community

Join the groups below to get latest news and updates.



>