Approximately Two Billion Individuals Potentially Endangered by Emerging Deception
Internet users should stay alert. Fraudsters are increasingly posing as Google employees and offering help. Even someone experienced with Microsoft security services almost fell for the new trick. The criminals use advanced technology, automated computer and smartphone processes that can respond to speech, to obtain personal data from their targets. What they intend to do with this data is currently unclear. However, given the enormous user base of over two billion, caution is essential. Once such information ends up in the wrong hands, it can be misused for large-scale online shopping or for concluding contracts online.
The new strategy is subtle and hard to spot. As Microsoft expert Sam Mitrovic reports in his blog, he initially ignored an email asking him to confirm a login attempt. Since such requests are common in online scams, Mitrovic didn't suspect anything. Almost an hour and a half later, his phone rang, and the caller was shown as "Google Sydney". Mitrovic missed the call and soon forgot about it.
A week later, Mitrovic received the same email again. "About 40 minutes later, I answer the call this time," the IT professional wrote in his blog. A polite and professional American voice was on the line, stating that there had been login activity from Germany on Mitrovic's account. Someone had supposedly had access to his mailbox for a week and downloaded account data, which reminded Mitrovic of the previous week's notification.
The "Gmail" Swindle: Operating Mechanisms
The alleged Google employee asked Mitrovic whether he was traveling and mentioned the alleged login from Germany. "He says that someone has had access to my account for a week and has downloaded the account data (I then get a flashback to the notification from a week ago)," Mitrovic recalls. This was intended to pressure him into acting quickly and disclosing the two-factor authentication code. In the meantime, Mitrovic searched for the phone number that had called him. To his surprise, it led to an actual Google Australia site.
Mitrovic asked the caller to send an email to confirm the process. After a brief pause, an email matching the request arrived in his inbox. At first glance, the email appeared legitimate, with a sender address from a Google domain. However, Mitrovic noticed a second email address in the "To" field that did not belong to Google, a red flag.
Shortly after, the next event occurred: "The caller said 'Hello', I ignored it. About 10 seconds later, the voice said 'Hello' again. At this point, I recognized it as an AI voice, as the pronunciation and intervals were too identical." Mitrovic ended the call immediately. When he eventually returned home, he tried calling back, but reached only an answering machine claiming to be "Google Maps".
Discovering the Scam in Gmail
When Mitrovic examined the device login records, he grew suspicious: No one had logged in from Germany. In the supposed confirmation email, the security expert recognized that the sender was not actually Google, despite superficial appearances. The same applied to the phone number: The displayed number was manipulated. Mitrovic was called from an entirely different number.
His conclusion: "The scams are becoming more sophisticated, convincing, and are being used on a larger scale. This specific scam sounded serious enough that I'd give them a score of 1 for their effort. Many people might fall for it."
Mitrovic advises verifying the phone numbers of incoming calls and, if a scam is suspected, checking the sender's details in emails. Often, the true address can be revealed with a single click. In general, the IT expert advises skepticism when Google appears to contact you: this does not happen unless a business account has been set up, as he explains in his blog. Consequently, the vast majority of the 2.5 billion Gmail users should hardly expect a call from Google.
In Mitrovic's case, the scammer used a fake email asking for login confirmation, which he initially ignored because it resembled common online scams. Later, a caller identified as Google Sydney tried to follow up on the login attempt, but Mitrovic missed the call and forgot about it.
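The two email warning signs described in this article (a sender that only looks like Google, and an extra non-Google address in the "To" field) can be checked directly against a message's headers. The following Python sketch is an added example, not code from Mitrovic's blog; the sample messages, the `owner@example.com` mailbox and the rule that only `google.com` and its subdomains count as Google are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_google(domain):
    # Assumption: only google.com and its subdomains count as Google here.
    return domain == "google.com" or domain.endswith(".google.com")

def red_flags(raw, owner):
    """List the warning signs in a message that presents itself as Google."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    # Display name claims Google while the real address does not.
    if "google" in name.lower() and not is_google(domain_of(addr)):
        flags.append("sender: " + addr)
    # Any recipient that is neither the account owner nor Google.
    for _, rcpt in getaddresses(msg.get_all("To", [])):
        if rcpt.lower() != owner.lower() and not is_google(domain_of(rcpt)):
            flags.append("recipient: " + rcpt)
    return flags

# Constructed sample messages (not taken from the incident).
LOOKALIKE = (
    "From: Google Support <case@google.com.support.example>\n"
    "To: owner@example.com, relay@workflow.example\n"
    "Subject: Account recovery case\n\nBody\n"
)
GENUINE = (
    "From: Google <no-reply@accounts.google.com>\n"
    "To: owner@example.com\n"
    "Subject: Security alert\n\nBody\n"
)

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(label, red_flags(raw, "owner@example.com"))
```

An empty result does not prove a message is authentic, since header text can be forged; the account's own login records remain the decisive check, as in Mitrovic's case.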
Despite the scammer's use of advanced technology, including automated phone calls and manipulated phone numbers, Mitrovic managed to identify the scam by checking his login records and the sender's details in the email. He also advised others to verify phone numbers for incoming calls and be skeptical if they receive a call from Google, as such calls are rare for individual users.
Spam emails and calls are becoming more sophisticated and convincing, as shown by the "Gmail" Swindle, and it's crucial for Internet users to stay alert and verify information before taking any action.