Scammers use AI to create scarily convincing phishing calls
A security expert has recounted how close he came to being fooled by a new AI-based scam call that aimed to get his Gmail account details.
Scammers tried to gain control of a security expert's Gmail account
There were already scam ChatGPT apps on the App Store, but now artificial intelligence has been deployed by scammers in what expert Sam Mitrovic describes as "super realistic."
"People are busy and this scam sounded and looked legitimate enough that I would give them an A for their effort," wrote Mitrovic in a blog post. "Many people are likely to fall for it."
"Despite many red flags upon closer inspection, this call seemed legitimate enough to trick many people," he continued. "My guess is that their conversion rate from calls answered would be relatively high."
For Mitrovic, it began with a notification to approve a Gmail account recovery attempt. Mitrovic ignored both that and a missed call apparently from Google Sydney.
A week later, the same notification appeared and 40 minutes later, he got a call that he did answer. The seven-day gap was significant, because the caller told him that there had been suspicious activity on his account for a week.
While this polite, professional, American male voice asks if Mitrovic could have been accessing his account from overseas, the security expert is Googling the phone number the call is coming from. It's a legitimate Google number, although Mitrovic notes that numbers can be spoofed.
In this case, however, the Google number was for calls specifically regarding Google Assistant, not the Gmail account he was being asked about. So Mitrovic asks the caller to send him an email.
"He politely says he will do so and to give him a moment," continues Mitrovic. "In the background, I can hear someone typing... After a few moments, the email arrives and at first glance the email looks legit."
It isn't, though. As Mitrovic is noticing that the address is not from a Google domain, the caller said "Hello."
"I ignored it... then about 10 seconds later, [the voice] said 'Hello' again," says Mitrovic, and that's when the security expert hung up. "At this point [I realised it was] an AI voice as the pronunciation and spacing were too perfect."
"The scams are getting increasingly sophisticated, more convincing and are deployed at ever larger scale," cautions Mitrovic.
To avoid being taken in, he notes that there were several clues, starting with how he received account recovery notifications that it hadn't initiated. He also notes that Google does not phone Gmail users unless you have a Google Business Profile too.
The spoofing of a phone number and an email address is scary enough, but that the entire call was an AI voice is sobering. Ironically, it may mean that scammers employ fewer people in future, but it also means that hundreds or thousands of such calls could be being made simultaneously
Other than the AI aspect, though, phone spoofing and phishing calls are not new. Previously scammers have pretended to be from Apple Support, for instance.
Read on AppleInsider
Comments
But even If it's a number and voice you recognize, that's not going to be enough. Perhaps we need to setup challenge questions to verify the communication with friends and family.
But all of that is just the "throw shit at the wall and see what sticks" method. If you are targeted because other info has been gleaned, like if I posted on a website that I need assistance with something or was simply complaining about it in detail on a forum, and then that username was connected to other accounts which lead to personal info I could be targeted. I doubt your Mike1 username is as anonymous as you think it is. Even just a bug in the forum system that could lead your IP address to a location could be used to find enough information about you to target you.
But I digress since most attacks aren't yet that sophisticated, but they don't need to be with the phishing method being being such a passive way to attack people with little effort, but advancements in AI will continue to make these methods harder to detect.
sobering stuff!
Just about all the things mentioned in that poem’s existential dread has existed for as long as humanity has. The only things that have changed are speed and quantity.
So, before running off to burn your local heretics, maybe take a breather and consider the history of humanity and technology. It’s been neither Utopia nor Hell. Just a mixed bag that most of us would find difficult to live outside of, within a range.
Insider’s article raises some interesting points. Let’s all please be knowledgeable — not afraid.