Gmail users beware of Google impersonation tricks to hijack accounts

In recent weeks, Gmail users have been facing a highly sophisticated form of phishing that uses AI to impersonate Google employees. Hackers have built complex phishing scenarios, from sending fake emails asking for account verification to making automated calls that mimic the voice of a support agent. In this way, they have fooled many users, taken control of their accounts and caused serious damage.

Microsoft IT consultant Sam Mitrovic has advised users to be extremely cautious with any Gmail account recovery requests, especially those from unknown sources. If you receive such an email or call, go directly to Google's official website to check the information yourself.

Also, never give out personal information to anyone over the phone unless you're absolutely sure who the caller is. Remember, Google will never ask you for your password or credit card information over the phone.

Accordingly, Sam Mitrovic shared an experience related to the scam to recover his Gmail account. Although he received a confirmation message to recover the request, he refused. Immediately after that, Mitrovic received a call from a phone number displayed as "Google Sydney", but the content of the call contained many unusual points such as the request to provide too detailed personal information, the caller's voice sounded unnatural and the time pressure to make a decision. Because of these suspicious signs, he decided to refuse all requests.

The following week, Mitrovic received another message asking him to confirm his account recovery. Remarkably, this time the call had come in just 40 minutes earlier, from a number with an Australian area code. Despite his suspicions, Mitrovic picked up. The voice on the other end of the line was an American man, with a polite and professional demeanor.

The caller informed him that they had noticed suspicious activity on Mitrovic’s account, specifically that someone had been hacking and downloading data over the past week. This information made Mitrovic even more wary, as it matched what he had experienced before. However, he remained skeptical and refused to provide any further information to the caller.

The IT expert decided to check further before doing anything. He verified the phone number that called and found that it matched the official Google technical support number in Australia. He then requested a confirmation email, and the reply email looked very professional, like it was from Google itself. However, the expert remained cautious. He knew that spoofing email addresses and phone numbers is a very common tactic used by hackers, which is called “spoofing.”

Upon closer inspection, Mitrovic discovered something suspicious: the email address that was sent was not an official Google email. By looking closely at the "From" section of the email, he realized that it was simply a fake address designed to look like a Google email.

Not only that, when he checked the account history, he found no signs that the account had been hacked. Finally, he realized that the call he received could have been generated by AI. The voice was so perfect and without any mistakes, which is very unlikely to be a real call.

Mitrovic had no idea he was not the only victim of this scam. After searching online, he discovered that many others had been scammed in the same way. On Reddit and an Australian forum, he found posts from users who said they had been scammed in exactly the same way.

Forbes magazine said that without professional knowledge, it is very likely that Mitrovic's login information was stolen. The attacker could have created a fake login page to trick Mitrovic into entering personal information. They could even have used malware to steal cookies and bypass two-factor authentication. This is a very sophisticated and dangerous trick, showing that cybercriminals are becoming increasingly cunning.

Using fake account recovery messages is a classic tactic used by cybercriminals to carry out phishing attacks. These tricks will often lead customers to a fake login portal where their login credentials are collected.

"While there are many ways to protect against scams, our best weapon is still vigilance," Mitrovic advises. "Always double-check information, especially when it comes to personal accounts. And if you're unsure, ask a trusted friend or relative for advice."

With the advancement of AI technology, phishing attacks are now more sophisticated than ever. AI can create fake calls, emails, or text messages that are so realistic that it is difficult for users to distinguish between real and fake. Therefore, it is essential to maintain vigilance and skepticism to protect yourself from these increasingly sophisticated scams.