Responding to new claims that scammers are using more advanced methods to hack into users’ Gmail accounts, Google issued a response.
A Google spokesperson on Wednesday directed The Epoch Times to a post “that includes Google’s top tips for spotting email, phone, text, and web scams, and what to do if you encounter one, in response to several recent reports that users were targeted by a sophisticated AI scam that could lead to their Gmail accounts being compromised.
Sam Mitrovic, the Microsoft IT consultant, said in a blog post last month that an AI-generated voice was used to try and trick him into providing sensitive information about his account, which would lead to it being taken over.
“The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale,” Mitrovic wrote in the post. “People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort. Many people are likely to fall for it.”
“Despite many red flags upon closer inspection, this call seemed legitimate enough to trick many people,” he warned. “My guess is that their conversion rate from calls answered would be relatively high.”
Garry Tan, chief executive of prominent tech-oriented venture capital firm Y Combinator, said in an X post that he received a similar phishing scam that also involved an AI-generated voice.
The scammer calmed to be from Google Support, adding that the caller ID matched but wasn’t verified. He then warned people to not click yes in the prompted dialogue because they will be phished.
How to Spot Google-Related Scams
Google provided several tips on how Gmail users can keep their accounts secure and what to look out for if they believe they’re being scammed.Users should always be wary of emails from people or accounts they do not know, and be extra alert if the email is asking for personal information, according to the post.
When users receive a password reset request that they did not submit, they should ignore it.
“Many password reset requests are attempts by bad actors to get you to engage and inadvertently allow access to your account,” the post explained. “If you didn’t request a password reset, just delete the email” or message, it added.
Users should also be wary of poor grammar, misspellings, or unusual fonts, it noted. Those could be “clues” that it’s a scam email, Google said.
Requests from email accounts that are “urgent” or strangers who are “urgently asking you to share personal information, especially things like bank account details, home addresses, or a credit card number” should be met with skepticism, Google added.
Next, Gmail users are advised to verify the sender’s email address. “Even if an email looks like it’s from a trusted contact—like your bank—hovering over the sender’s email address will reveal the actual source,” the firm says.
The preview of the email may be different than the actual address. A preview may say something like, “your bank,” but the address may actually be “[email protected],” it noted.
“If you have any doubt about an email being from a trusted source, don’t click on links in the body” of the email, Google added, in part.
For Phone-Based Scams
For phone-based scams, the tech giant advised people to “ask a lot of questions” to verify details the user has. People should also be wary of links to websites that are sent via text message, it advised, because such links are a common way that scammers can obtain users’ sensitive data.“Do not click on links in texts, especially from people you don’t know. Never download apps sent to you through text messages from unknown sources,” the company advised.
And “like emails, be wary of urgent callers requesting sensitive information over the phone, especially as it relates to money or personal information,” the post added.
The post also included a warning about two-factor verification, or two-step verification, described as an extra layer of security that websites and services use to make sure a user presents two or more pieces of evidence to login.
“Two-factor verification is designed to keep you safer, so temporary passwords, links or passcodes should never be shared,” said the blog post. “No legitimate business will ever ask for you to share your two-factor verification information.”
Meanwhile, Google said that it provides its built-in security features in Google Phone and Google Messages that send notifications or an alert when a suspicious message is sent to a phone that could be a scam. The post advised users to be on the lookout for Google’s warnings.
