All 1.8 billion Gmail users have been issued a ‘red alert’ over a scam that allows hackers to gain access to accounts......CONTINUE READING THE ARTICLE FROM THE SOURCE>>>>>
The attack employs AI to craft robocalls and malicious emails capable of bypassing security filters. The combination aims to convince victims that their Gmail account has been compromised.
Scam tactics and targeted users
Victims receive a phone call alerting them to suspicious activity detected in their account and are told to expect an email with steps to rectify the issue.
The email includes a fake website that closely resembles Google’s, prompting users to enter their login credentials.
Cybersecurity experts warned that the goal of this campaign is “to convince the target to provide the criminals with the user’s Gmail recovery code, claiming it’s needed to restore the account.”
This scam not only compromises Gmail accounts but also other services connected to the platform.
FBI and Malwarebytes warnings
The FBI stated that “these sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”
Malwarebytes published a report last week, emphasizing that the FBI’s warning “should not be taken lightly.”
The company highlighted that AI tools used by cybercriminals are relatively low-cost, with some advanced email attacks starting at just $5.
A study by McAfee’s State of Scamiverse found that a convincing fake can be created in under 10 minutes for a minimal cost.
Guidelines to avoid falling victim
While the FBI’s warning last year focused on threats using AI to create videos and emails to trick victims, Malwarebytes uncovered that hackers are now using robocalls and emails in the latest campaign.
“None of the elements used in the attacks are novel, but the combination might make the campaign extremely effective,” cybersecurity experts noted. Malwarebytes has issued guidelines for Gmail users to follow to avoid falling victim to the hackers’ tricks.
Users are urged never to click on links or download files from unexpected emails or messages and not to enter personal information on a website unless they are certain it is legitimate.
“Use a password manager to autofill credentials only on trusted sites,” Malwarebytes advised. “Monitor your accounts for signs of unauthorized access or data leaks.”