Despite increasingly sophisticated security, scammers continue to find new techniques to hack accounts GoogleGoogle. An ongoing campaign uses good old social engineering to convince victims to give them access. The difference this time is that they use artificial intelligence to impersonate Google.
Sam Mitrovic, consultant en solutions MicrosoftMicrosoft and founder of CloudJoy, detailed the attack on his blog after being targeted. Living in Australia, he first receives an account recovery notification GmailGmail from the United States, followed by a missed call from Google Sydney. A week later, he again receives a notification followed by a call, except this time he picks up.
A voice that’s a little too perfect
On the line, a person with an American accent claiming to be from Google customer service. The number used corresponds to Google in Australia, but the man knows that it is possible to falsify it. His interlocutor tells him that someone has been using his account for a week and has downloaded all his data. He asks for confirmation by email, which he receives immediately. The email does come from a Google address, but again it is quite easy to fake.
Sam Mitrovic realizes that the voice is a little too perfect and that it is an AI. He hangs up. If the call had continued, the fake advisor would undoubtedly have asked the man to validate a new recovery attempt or to identify himself on a fake Google page to recover his password. Faced with new attacks that are not only sophisticated, but can be automated using AI, it is important to think about activatingtwo-factor authenticationtwo-factor authentication for all its accounts, when possible. Plus, Google will never call you in this kind of situation…
Related News :