A security expert recounted how he almost got scammed by a new AI-powered scam call to get his Gmail account information. There is already a ChatGPT app for scams on the App Store, but now the crooks have deployed artificial intelligence, which expert Sam Mitrovic calls "super realistic."
In a blog post, Mitrovic wrote: "People are busy, and this scam sounds and looks real enough that I'll give them an A for their efforts." A lot of people are likely to be fooled."
"Although a closer look reveals many suspicious points, the call seems plausible enough to fool many people," he continued. "My guess is that they will have a relatively high conversion rate for answering calls."
For Mitrovic, it all started when he received a notification asking him to approve the attempt to reinstate his Gmail account. Mitrovic ignored this and received a missed call apparently from Google's Sydney branch.
A week later, the same notification appeared, and 40 minutes later, he received a phone call, but he did answer. The seven-day interval is very important because the caller told him that it had been a week since he had suspicious activity on his account.
When the polite, professional United States male voice asked Mitrovic if it was possible to access his account from overseas, the security expert was Googling the phone number for the caller. This is a legitimate Google number, of course this may be fake. But in this case, the Google number is a phone specifically for the Google Assistant, not the Gmail account he was asked for. Therefore, Mitrovic asked the caller to send him an email.
He politely said he would do it, please give him a moment. In the background, I heard someone typing...... After a while, the email arrived, and at first glance, the email seemed genuine. But that's not the case. Just when Mitrovic noticed that the address was not from Google, the caller said "Hello."
Mitrovic said: "I didn't pay attention...... After about 10 seconds, (the voice) said 'hello' again. That's when the security expert hung up.
"That's when [I realized] it's an AI voice because it's so perfectly pronounced and spaced. This scam is getting more sophisticated, more convincing, and bigger and bigger. "
To avoid being scammed, he pointed out that there were several clues, the first being how he received the account recovery notification, which it didn't send out on its own initiative. He also pointed out that Google doesn't call Gmail users unless they also have a Google business profile.
Fake phone numbers and email addresses are scary enough, but the entire call is made with AI voice, which is alarming. Ironically, this could mean that the crooks will hire fewer people in the future, but it also means that hundreds or thousands of these calls could be made at the same time.
In addition to the artificial intelligence aspect, phone spoofing and phishing are nothing new. For example, there have been scammers pretending to be from the Apple Support Center before.