
Update, Jan. 31, 2025: This story, originally published Jan. 30, has been updated with a statement from Google about the complex AI attack targeting Google users, along with comment from a content control security expert.
Hackers, images being used in novel attacks, and even persistent 2FA-bypass risks against Google customers have been reported. What a time to be alive if you are a legal hacker, although calling this latest terrible hacker intact is a stretch: be warned, this destructive AI wants your Google credentials.
Victim describes the most recent Gmail threat as “the most powerful phishing attack I’ve actually seen”
Imagine being called from a number with a Google caller ID by an American support representative alerting you that your Google account had been partially blocked by someone. Imagine that support representative sending an email to your Gmail account to verify this, as requested by you, and sent using a legitimate Google website. Imagine asking to verify that the phone number was genuine by requesting a call back. After explaining that the number was listed on Google.com, they agreed and suggested there might be a waiting period. You checked and it was listed, so you didn’t make that call. Imagine receiving a code from Google that will allow you to regain control of your account and practically taking control over it. Luckily, by this stage, the founder of Hack Club and the person who almost fell victim had sussed that it was an AI-driven attack, albeit a very brilliant one indeed.
If this sounds familiar, that’s because it is: I initially warned about similar AI-powered attacks against Google users on Oct. 11. The strategy is nearly identical, and the message to all 2.5 billion Gmail users is the same: be aware of the threat and stay alert at all times.
“Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats,” Spencer Starkey, a vice-president at SonicWall, said. “This requires a proactive and flexible approach to security, which includes regular security assessments, risk knowledge, risk management, and incident response planning.”
Mitigating The AI-Attacks Against Your Gmail Account Credentials
When it comes to these super-sophisticated AI attacks, all the conventional phishing mitigation advice goes out the window, or at least a lot of it does. “She sounded like a real engineer, the connection was super clear, and she had an American accent,” Latta said. This contrasts with the description in my October story, in which the attacker was described as being “super realistic,” even though there was a pre-attack phase during which notifications of compromise were sent seven days earlier to set up the target for the call.
The first target was a security consultant, which likely prevented them from falling prey to the AI attack, and the most recent potential victim is the founder of a hacking club. How can you stay safe since you may not have quite the same level of technical experience as these two, who both very nearly succumbed?
“We’ve suspended the account responsible for this scam,” according to a Google spokesman. “We have not seen evidence that this is a widespread tactic, but we are strengthening our defenses against abusers leveraging g.co references at sign-up to further protect users,” the spokesperson said.
“Due to the speed at which new attacks are being created, they are more adaptive and difficult to detect, which poses an additional challenge for cybersecurity professionals,” Starkey said. “From a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring and on what devices.”
For everyone else, consumers especially, stay calm if you are approached by someone claiming to be from Google support, and hang up, as they won’t call you.
If in doubt, use resources like Google Search to look up that phone number, and your Gmail account to see whether anyone unfamiliar has accessed it. In the web client, scroll to the bottom of the screen, where a link at the bottom right shows all of your recent activity.
Finally, pay particular attention to what Google says about protecting against hackers who use Gmail phishing scams.