New Gmail Scam Puts Billions of Gmail Users at Risk
- A new Gmail scam was detected by Microsoft solutions consultant Sam Mitrovic.
- Scammers are sending recovery requests to potential victims. If denied, they call the victim, convince them that their account is compromised, and scare them into sharing information/approving the recovery request.
- Mitrovic managed to avoid the scam by being alert. Google has also noticed that scam attempts are rising and is trying its best to protect users against them.
A new hack is targeting billions of Gmail users. The scam was detected by a Microsoft solutions consultant called Sam Mitrovic, who experienced it firsthand and detailed it in a blog.
How the Scam Works
It started with Mitrovic receiving a notification that asked him to approve a Gmail recovery attempt. It's worth noting that this is a very common phishing technique.
Mitrovic was experienced enough to recognize that it was a scam, so he denied the request. Then, about 40 minutes later, he got another notification claiming that he missed a call from Google Sydney. Again, he ignored it.
Then a week later, he got another notification to approve a recovery request. Yet again, he denied it and just like the previous time, he got a call 40 minutes later. This time he picked it up.
A scammer pretending to be from Google claimed that his account was compromised and a hacker downloaded some information from his account over the past week.
Although worried, Mitrovic didn't fall for it. He quickly Googled the phone number and found that it was a legitimate number from Google's business page. Still, he was unsure because calls can be easily disguised. So, he asked the caller to send a confirmation email, which he did, and that email looked exactly like Google's.
How Can You Identify the Scam?
Mitrovic noticed that in the "To" bar of the email he received, there was a non-Google domain name that the scammer had tried to disguise.
Also, when he first picked up the call, the caller on the other end said "hello," which Mitrovic ignored. About 10 seconds later, the caller said "hello" again.
However, what was odd here was the pronunciation and spacing of the two hellos - they were too perfect. This means that it was certainly an AI-generated voice.
Mitrovic realized what was going on and quickly disconnected the call. He got lucky. However, Google's Gmail has more than 2.5 million users worldwide. Will everyone be as lucky or aware as Mitrovic? What happens if someone actually approves the recovery request?
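The header check Mitrovic did by eye can be automated. The following is an added example, not code from the original article or from Google: it parses a raw message and reports every address header whose domain is not Google's, marking those that embed "google" in another domain. The trusted-domain list, function names, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the only domain accepted as genuine for this check.
TRUSTED_DOMAIN = "google.com"
ADDRESS_HEADERS = ("From", "To", "Cc", "Reply-To", "Return-Path")

def is_trusted(domain):
    """True only for google.com itself or a real subdomain of it."""
    domain = domain.lower().rstrip(".")
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def suspicious_addresses(raw_message):
    """Return (header, address, looks_disguised) for each non-Google address."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ADDRESS_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" not in addr:
                continue
            domain = addr.rsplit("@", 1)[1]
            if not is_trusted(domain):
                # "google" inside a foreign domain suggests deliberate disguise
                findings.append((header, addr, "google" in domain.lower()))
    return findings

# Constructed sample message; every address here is made up.
SAMPLE = (
    "From: Google Support <workspacesupport@google.com>\n"
    "To: GoogleMail <support@google.com.account-check.example>\n"
    "Reply-To: helpdesk@mail-recovery.example\n"
    "Subject: Case confirmation\n"
    "\n"
    "Your case has been opened.\n"
)

if __name__ == "__main__":
    for header, addr, disguised in suspicious_addresses(SAMPLE):
        note = "disguised as Google" if disguised else "non-Google domain"
        print(f"{header}: {addr} ({note})")
```

A clean result does not prove a message is genuine: as the article notes, scammers also send through legitimate Google servers, so the sender can show a real google.com address.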
Scams Are Getting More & More Sophisticated
We at TechReport always advise our users to be alert and watch out for signs that might reveal whether a call is a scam or not. However, fraudsters are becoming increasingly sophisticated.
For instance, they're now using Google Forms to contact victims, so the messages are sent via legitimate Google servers. So, even if a user checks where the email is from, it will show something like workspacesupport@google.com, which makes the scam more believable.
In some cases, they also use a double legitimacy method. This is when a caller tells the user that they will be receiving a confirmation email or SMS from a certain person/number. This further makes the victim lower their guard. So, unless the scammer slips up or the user is really vigilant, detecting these scams can be difficult.
Protection Against Fraud
Google knows that it has one of the largest user bases in the world, and hence it's trying its best to protect everyone through increasingly sophisticated security measures.
For example, earlier this week it joined hands with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNS RF) in a new initiative called the Global Signal Exchange.
Global Signal Exchange is an intelligence-sharing platform that will enable faster transfer of abuse signals and real-time insights into scams so that organizations can quickly identify and disrupt malicious operations.
As for individual safety, users need to be a little more cautious. We can all learn from Mitrovic. Don't immediately believe whatever the caller says, no matter how urgent it sounds. Take your time to verify whether they're truly from the company they claim to be from.
Google also has an Advanced Protection Program designed specifically for high-risk individuals, such as journalists, politicians, and public figures. It provides you with a security key for sign-ins, deep scans for your Gmail, additional scans for everything you download, and Google Safe Browsing protections in Chrome.
The post New Gmail Scam Puts Billions of Gmail Users at Risk appeared first on The Tech Report.