An important new alert has been issued to Gmail users and you’d be wise not to ignore it or risk “devastating financial losses”.
Google shares the evolution of their Gmail app
Gmail users should be on the lookout for a worrying scam that's using a new tactic to try and steal personal data and gain full access to accounts. The highly sophisticated and 'devastating' attacks are switching to AI in a bid to trick email account holders and it's simple to see how some have been fooled.
Users were first warned about the new threat all the way back in May last year with America's FBI law enforcement agency issuing an alert after spotting a rise in Artificial Intelligence scams. Some were so serious, the attacks were leaving people with money and their identity stolen by online crooks.
At the time, FBI Special Agent in Charge Robert Tripp said: "Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data."
Since then, even more people have been targeted. The team at Malwarebytes has now issued new guidance on what to watch out for and how to stay safe.
EE issues 'important' text warning and puts phone users on red alert today
According to these security experts, the new scams start with users receiving phone calls claiming their Gmail accounts have been compromised.
This is followed by a legitimate-looking email that appears to have come directly from Google.
"The goal is to convince the target to provide the criminals with the user’s Gmail recovery code, claiming it’s needed to restore the account," Malwarebytes explained.
If fooled, the criminals not only have access to the target’s Gmail but also to a lot of services, which could even result in identity theft.
One of those targeted has even written a full blog post about his experience. Sam Mitrovic, a Microsoft solutions consultant, said he received a notification to approve a Gmail account recovery attempt. This was then followed by a call—which sounded genuine—saying there had been suspicious activity on his account. Luckily, Mitrovic realised something was wrong and hung up.
"The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale," Mitrovic explained.
"People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it."
Apple confirms something new is coming next week in very surprising announcement
Along with these account recovery scams, the FBI has added another warning about unsolicited emails and text messages which contain a link to a seemingly legitimate website that asks visitors to log in, but the linked websites are fakes especially designed to steal the credentials.
If you receive a call from Google and are then sent a link be very careful before clicking or handing over any details as it's likely to be a scam.
Malwarebytes has now issued this advice to help users stay safe.
How to avoid AI Gmail phishing
• Never click on links or download files from unexpected emails or messages.
• Don’t enter personal information on a website unless you are certain it is legitimate.
• Use a password manager to autofill credentials only on trusted sites.
• Monitor your accounts for signs of unauthorized access or data leaks.
• Verify security alerts by visiting your Google Account page directly instead of using links in emails.
• Use multi-factor authentication (MFA) for all accounts
• Protect your devices with up-to-date security software (such as Malwarebytes Premium Security), and use text protection and text message filtering on your mobile device.
Sourse: www.mirror.co.uk
