New AI scam targets Gmail users with fake account recovery requests

A new AI-powered scam is targeting Gmail users, aiming to steal personal data. Scammers trick people into approving fake account recovery requests. This scam is spreading fast and catching users off guard.

IT consultant Sam Mitrovic recently shared his experience with this scam. He explains how the fraudsters use clever tactics to deceive and steal.

In this blog, we’ll explore how this scam works and how to protect yourself.

How the AI Scam Works

This scam begins with a sudden notification on your phone or email. You’re asked to approve a Gmail account recovery request that you didn’t initiate. This request often comes from a foreign country. In Sam Mitrovic’s case, it came from the United States.

Like Sam, many users decline the first request. But about 40 minutes later, the scammers make their second move. They call you, pretending to be from Google.

A Convincing Phone Call

Sam described how convincing the call was. The scammer had a professional, polite, American-sounding voice. They claimed there was suspicious activity on Sam’s Gmail account. They might ask questions like, “Did you log in from a foreign country?” to make you feel alarmed.

The caller ID might even show a number that appears to be from Google. This small detail makes the scam seem more believable.

Once they have your attention, they drop the real trick.

The Fake Emergency

The scammer claims someone has accessed your account and downloaded sensitive data. To fix this, they say, you need to approve the account recovery request.

They may send you an email that looks like it’s from Google. But this is a spoofed email, designed to appear legitimate. If you approve the request, the scammers gain full access to your Gmail account.

Why This Scam is Dangerous

This scam is dangerous because it uses AI to target specific users. The phone calls and emails seem real. Most people wouldn’t think twice before following the instructions.

The scammer’s goal is to get you to approve the account recovery. Once they have access, they can steal sensitive information like:

  • Personal emails
  • Financial data
  • Stored passwords
  • Contact lists
  • Confidential documents

Once they access your Gmail, they can also hack other connected accounts. This includes your social media, online banking, and cloud storage accounts.

How Gmail Users Can Protect Themselves

Sam Mitrovic highlights the importance of staying alert. Here are a few ways to protect your Gmail account:

1. Never Approve Requests You Didn’t Initiate

If you receive a recovery request you didn’t start, don’t approve it. This is the first sign that someone is targeting your account.

2. Verify Calls Claiming to Be from Google

Google almost never calls users unless they are involved in Google Business services. If you get a suspicious call, hang up. Always verify the phone number before engaging.

3. Check Email Addresses Carefully

Scammers often send fake emails that look real. Always check small details like the “To” field or domain name. A real Google email will only come from “@google.com.”

4. Review Your Gmail Security Activity

Regularly check your account’s recent security activity. Go to your Gmail account settings, click on the “Security” tab, and review unfamiliar logins.

5. Inspect Email Headers

For tech-savvy users, checking the email headers can reveal if the email came from Google. If not, it’s a fake email. Don’t interact with it.
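The checks in steps 3 and 5 can be scripted against the raw message that Gmail's "Show original" view displays. The Python sketch below is an added example, not code from the original article: the function names are hypothetical, the two sample messages are constructed, and it assumes a Gmail-hosted mailbox (so only `Authentication-Results` headers stamped by `mx.google.com` are trusted) and treats subdomains of google.com as acceptable senders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.google.com"  # assumption: the mailbox is hosted on Gmail
EXPECTED_DOMAIN = "google.com"      # assumption: subdomains are accepted too

def aligned(domain, expected=EXPECTED_DOMAIN):
    # Exact match or a true subdomain; "google-support.example" must not pass.
    domain = domain.lower().rstrip(".")
    return domain == expected or domain.endswith("." + expected)

def check_message(raw):
    """Return reasons to distrust the message (empty list = all checks passed)."""
    msg = message_from_string(raw)
    findings = []
    # parseaddr discards the display name, which the sender controls freely.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not aligned(from_domain):
        findings.append(f"From domain {from_domain!r} is not {EXPECTED_DOMAIN}")
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = header.partition(";")
        # Only the receiving server's own header counts; others may be forged.
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body):
            verdicts.setdefault(method, verdict.lower())
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method) != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return findings

# Constructed samples (not real messages).
LOOKALIKE = """\
Authentication-Results: mx.google.com; dkim=pass header.i=@google-support.example;
 spf=pass smtp.mailfrom=alerts@google-support.example;
 dmarc=pass header.from=google-support.example
From: "Google <no-reply@google.com>" <alerts@google-support.example>
"""
FORGED_RESULTS = """\
Authentication-Results: mail.attacker.example; dkim=pass; spf=pass; dmarc=pass
Authentication-Results: mx.google.com; dkim=none; spf=softfail
 smtp.mailfrom=no-reply@google.com; dmarc=fail header.from=google.com
From: Google <no-reply@google.com>
"""

if __name__ == "__main__":
    print(check_message(LOOKALIKE), check_message(FORGED_RESULTS), sep="\n")
```

The first sample passes SPF, DKIM and DMARC because the sender authenticates their own lookalike domain, so the From-domain check is what flags it; the second carries a google.com address but fails the receiver's authentication checks.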

What to Do If You Suspect a Scam

If you think you’ve been targeted by this scam, take these steps immediately:

1. Change Your Gmail Password

Immediately change your password to a strong, unique one. This will lock out the scammers if they have gained access.

2. Enable Two-Factor Authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security. With 2FA, even if someone has your password, they can’t log in without a second verification step.

3. Report the Scam to Google

Google takes security seriously. If you encounter this scam, report it to Google right away. This helps them take action and protect other users.

4. Check Your Other Accounts

If the scammer had access to your Gmail, they might have accessed other accounts too. Review your bank accounts, social media, and cloud services for suspicious activity.

5. Use Security Software

Consider using good security software to protect your devices from future scams. It can warn you about phishing attempts and block suspicious links.

How to Protect Yourself from AI Scams

As AI becomes more advanced, scams like this will continue to evolve. It’s important to stay informed and take proactive steps to protect yourself.

Here are some additional tips to help you stay safe:

1. Stay Educated

Keep yourself updated on the latest scams. Read about new techniques that scammers are using and share the information with others.

2. Be Skeptical of Unsolicited Messages

If you receive an unexpected email, call, or message, be cautious. Verify its authenticity before responding.

3. Secure Your Online Accounts

Use strong, unique passwords for every online account. Don’t reuse passwords across different platforms. Also, regularly update your passwords for added security.

4. Keep Your Software Updated

Keep your phone and computer software up to date. Security patches in software updates often fix vulnerabilities that scammers exploit.

5. Use a Password Manager

A password manager helps generate and store complex passwords. It makes it harder for hackers to guess or steal your login information.

This new AI scam targeting Gmail users is a reminder to stay vigilant. Scammers are becoming more sophisticated in their attempts to steal personal information.

By knowing how these scams work and how to protect yourself, you can keep your Gmail account safe.

Always double-check any recovery requests and be skeptical of unsolicited calls. Stay informed and secure your online accounts to avoid falling victim to this type of fraud.