Gmail users beware of Google impersonation tricks to hijack accounts

In recent weeks, Gmail users have been facing a highly sophisticated form of fraud that uses AI to impersonate Google employees. Hackers have built complex phishing scenarios, from sending fake emails asking for account verification to making automated calls that mimic the voice of a support staff. In this way, they have fooled many users, taking control of accounts and causing serious damage.

Microsoft IT consultant Sam Mitrovic has advised users to be extremely cautious with any Gmail account recovery requests, especially those from unknown sources. If you receive such an email or call, go directly to Google's official website to check the information yourself.

Also, never give out personal information to anyone over the phone unless you're absolutely sure who the caller is. Remember, Google will never ask you for your password or bank card information over the phone.

Accordingly, Sam Mitrovic shared an experience related to the scam to recover his Gmail account. Although he received a confirmation message to recover the request, he refused. Shortly after, Mitrovic received a call from a phone number displayed as "Google Sydney", but the content of the call contained many unusual points such as the request to provide too detailed personal information, the caller's voice sounded unnatural and the time pressure to make a decision. Because of these suspicious signs, he decided to refuse all requests.

The following week, Mitrovic received another message asking him to confirm his account recovery. This time, the call came in just 40 minutes earlier, from a number with an Australian area code. Despite his suspicions, Mitrovic picked up. The voice on the other end was an American man, polite and professional.

The caller informed him that they had noticed suspicious activity on Mitrovic’s account, specifically that someone had been hacking and downloading data over the past week. This information made Mitrovic even more wary, as it matched what he had experienced before. However, he remained skeptical and refused to provide any further information to the caller.

The IT expert decided to check further before doing anything. He verified the phone number that called and found that it matched the official Google technical support number in Australia. He then requested a confirmation email, and the reply email looked very professional, like it was from Google itself. However, the expert remained cautious. He knew that spoofing email addresses and phone numbers is a very common tactic used by hackers, which is called “spoofing”.

Upon closer inspection, Mitrovic discovered something suspicious: the email address that the email was sent from was not an official Google email address. By looking closely at the "Sent to" section of the email, he realized it was just a fake address designed to look like a Google email address.

Not only that, when he checked the account history, he found no signs that the account had been hacked. Finally, he realized that the call he received could have been generated by AI. The voice was too perfect and without any mistakes, which is very unlikely to be a real call.

Mitrovic didn’t realize he wasn’t the only victim of this scam. After searching online, he discovered that many others had been scammed in the same way. On Reddit and an Australian forum, he found posts from users who said they had been scammed in exactly the same way.

Forbes magazine said that without professional knowledge, it is very likely that Mitrovic's login information was stolen. The attacker could have created a fake login page to trick Mitrovic into entering personal information. They could even use malware to steal cookies and bypass two-factor authentication. This is a very sophisticated and dangerous trick, showing that cybercriminals are becoming more and more cunning.

Using fake account recovery messages is a classic tactic used by cybercriminals to carry out phishing attacks. These scams will often lead customers to a fake login portal where their login credentials are collected.

"While there are many ways to protect against scams, our best weapon is vigilance," Mitrovic advises. "Always double-check information, especially when it comes to personal accounts. And if you're unsure, ask a trusted friend or relative for advice."

With the rapid advancement of AI technology, phishing attacks are now more sophisticated than ever. AI can create fake calls, emails or text messages that are so realistic that it is difficult for users to differentiate between real and fake. Therefore, it is extremely necessary to maintain vigilance and skepticism to protect yourself from these increasingly sophisticated scams.