Users are becoming victims of a sophisticated AI-based account takeover scam that meticulously impersonates Google staff over several weeks.
Sam Mitrovic, an IT consultant and tech blogger, recently shared his experience with such a scam. Initially, Mitrovic received a Gmail account recovery notification, which he declined. Subsequently, he received a call displaying “Google Sydney” on the caller ID, which he also declined.
The following week, Mitrovic encountered a similar scenario: another recovery notification followed by a call from an Australian number. This time, he answered. The caller, with a polite and professional American accent, informed him of suspicious activity on his account, including unauthorized access and data downloads—a scenario reminiscent of the previous incident.
Mitrovic conducted thorough checks. He verified that the caller’s number matched Google’s official IT support number in Australia and requested a confirmation email, which initially appeared legitimate. However, further scrutiny revealed that the email originated from a cleverly disguised fake domain, a common spoofing technique.
After checking his Google account history and finding no unusual login activity, Mitrovic realized the caller’s voice was AI-generated—too perfect in its cadence and pronunciation. His subsequent online search revealed that others had encountered similar scams, as evidenced on platforms like Reddit and the Australian message board ReverseAustralia.
Mitrovic advises maintaining vigilance, conducting basic checks, and seeking assistance from trusted sources to combat these sophisticated scams.