Cybersecurity experts have raised alarms about a sophisticated new scam targeting Gmail users worldwide. This AI-powered attack uses deepfake robocalls and deceptive emails to trick victims
into handing over sensitive information, including their Gmail login credentials.
How the Scam Works
The scheme begins with an automated phone call claiming suspicious activity has been detected on the recipient’s Gmail account. Victims are then told to expect an email with steps to "secure" their account. However, the email contains a link to a fake Google login page designed to steal login details.
According to cybersecurity analysts, the primary goal of this attack is to obtain users’ Gmail recovery codes, which hackers can then use to gain full access to accounts. Once compromised, all connected services—such as banking apps, cloud storage, and social media—become vulnerable.
The FBI has warned that such scams can result in severe financial losses, identity theft, and reputational damage.
AI-Driven Attacks Becoming More Advanced
A report by Malwarebytes highlights the growing use of AI by cybercriminals. The study reveals that highly convincing deepfake scams can be created in under 10 minutes at an alarmingly low cost.
“None of the individual tactics in this attack are new, but their combination makes this scam particularly dangerous,” the researchers cautioned.
Protect Yourself From This Scam
To avoid falling victim to these AI-powered scams, cybersecurity experts recommend the following precautions:
Never click on links or download attachments from unsolicited emails or messages.
Verify URLs before entering personal information—Google login pages always start with https://accounts.google.com/.
Use a password manager to autofill credentials only on legitimate websites.
Monitor accounts for signs of unauthorized access or data leaks.
Additional Warnings from the FBI
In a related advisory, the FBI has urged smartphone users to immediately hang up if they receive a suspicious call claiming to be from a bank, government agency, or law enforcement. Scammers are now using caller ID spoofing to impersonate trusted institutions, increasing their credibility.
Authorities on Long Island, New York, have already reported multiple cases where scammers posed as local police officers, threatening victims with arrest warrants unless they sent money.
If you receive such a call:
- Do not provide any personal information.
- Do not press any buttons.
- Hang up immediately.
- Call the real organization using a verified phone number.
As cybercriminals continue to refine their tactics, staying vigilant is more important than ever. By following these security measures, Gmail users can reduce their risk of falling prey to these increasingly sophisticated scams. Photo by Stock Catalog, Wikimedia commons.