Oct. 15 (Portalitc/EP) –
Malicious actors have started using security tools Speech generative Artificial Intelligence (AI) to trick users Posing as Google support, getting users’ approval and taking over their Gmail accounts.
Microsoft security products expert and founder of the consulting firm CloudJoy, Sam Mitrovic, has warned that cybercriminals have managed to obtain caller IDs associated with the company to appear legitimate and contact users.
The fraud, of which Mitrovic was the target, originated from receiving a notification to approve a Gmail account recovery attempt, the request for which originated in the United States. After rejecting it and after about 40 minutes, he received a call, which identified itself on his terminal as ‘Google Sydney’.
A week later, the expert again received another notification to approve the recovery of his Gmail account, also from the United States. After ruling it out, they called him again with an Australian number after half an hour, as he explained. on his blog.
This time he did answer it and, on the other side, a voice with an American accent was heard, “very polite and professional.” After introducing himself as a Google technical service professional, he told him that he had detected suspicious activity in your email account.
After trying to find out certain information, such as knowing if Mitrovics is traveling, the alleged Google operator told him that someone had had access to his Gmail account for a week and that had downloaded your dataa period of time that coincided with the previous call.
The cybersecurity expert verified in the official website from Google that the number associated with the firm’s support service corresponding to Australia was the same as that reflected on his mobile phone.
However, to verify the legitimacy of the call, he requested to the operator to send him an email in which the alleged incident registered in his account was indicated and he did so, with a sender that included a Google domain.
Despite this, the researcher admitted that he was aware that it was relatively easy to falsify both a telephone number – despite the fact that during the call a noise similar to that of any call center was heard in the background – and an email.
Thus, he noticed that the ‘To’ field included an email address with a domain that does not belong to the firm ‘[email protected]’. On the other hand, during the course of the call he discovered that it could be generated with an AI tool “because the pronunciation and spacing” between one word and another “were too perfect.”
Once he hung up on the alleged technical service, he accessed the Login Activity section of his Gmail profile, included in the ‘Manage your Google Account’ option, where he saw that the only login sessions were his own.
He then reviewed the email he had received again and saw how the sender email address was spoofed using Salesforce CRM, which allows them to set the sender address and send communications through Gmail and Google servers.
To finish off his investigation, he found that other Reddit users had received an email similar to yours and that he used the Reverse Australia reverse phone lookup tool with the sender’s phone number. Then, he discovered that another user had fallen for the scam, believing it to be a legitimate communication.
In this sense, he commented that, if he had remained on the call long enough, he would have chosen to approve the account recovery notification, because both the person and the phone number and email used for the campaign did not They seemed fake. With this permission, cybercriminals would have gained control of it.
Likewise, he has pointed out what are the indications thanks to which he determined that it was a possible attack, such as the receipt of notifications of recovery of accounts that did not start or the lack of active sessions in your Google account other than the one you were using. Finally, he recalled that Google does not call Gmail users if they do not have a business profile.
Add Comment