Described by one victim as the most sophisticated attack ever seen, all Gmail users are warned to take this hacking threat very seriously indeed.
Update, Feb. 1, 2025: This story, originally published Jan. 30, has been updated with further mitigation advice for spotting deepfake AI-powered threats, a statement from Google about the sophisticated Gmail attack, and a comment from a content control security expert.
against Google users have been reported. What a time to be alive if you are a criminal hacker, although calling this latest scary hacker alive is a stretch: be warned, this malicious AI wants your Gmail credentials.Imagine getting a call from a number with a Google caller ID from an American support technician warning you that someone had compromised your Google account, which had now been temporarily blocked. Imagine that support person then sending an email to your Gmail account to confirm this, as requested by you, and sent from a genuine Google domain. Imagine querying the phone number and asking if you could call them back on it to be sure it was genuine. They agreed after explaining it was listed on google.com and said there might be a wait while on hold. You checked and it was listed, so you didn’t make that call. Imagine being sent a code from Google to be able to reset your account and take back control and almost clicking on it. Luckily, by this stage, founder of Hack Club and the person who nearly fell victim, had sussed it was an AI-driven attack, albeit a very clever one indeed. If this sounds familiar, that’s because it is: I first warned about such AI-powered attacks against Gmail users on Oct. 11 in. The methodology is almost exactly the same, but the warning to all 2.5 billion users of Gmail remains the same: be aware of the threat and don’t let your guard down for even a minute. “Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats,” Spencer Starkey, a vice-president at SonicWall, said, “This requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning.”All the usual phishing mitigation advice goes out the window — well, a lot of it, at least — when talking about these super-sophisticated AI attacks. “She sounded like a real engineer, the connection was super clear, and she had an American accent,” Latta said. This reflects the description in my story back in October when the attacker was described as being “super realistic,” although then there was a pre-attack phase where notifications of compromise were sent seven days earlier to prime the target for the call. The original target is a security consultant, which likely saved them from falling prey to the AI attack, and the latest would-be victim is the founder of a hacking club. You may not have quite the same levels of technical experience as these two, who both very nearly succumbed, so how can you stay safe?“Due to the speed at which new attacks are being created, they are more adaptive and difficult to detect, which poses an additional challenge for cybersecurity professionals,” Starkey said, “From a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring and on what devices.” For everyone else, consumers especially, stay calm if you are approached by someone claiming to be from Google support, and hang up, as they won’t call you. If in any doubt, use resources such as Google search and your Gmail account to check for that phone number and to see if your account has been accessed by anyone unfamiliar to you. Use the web client and scroll to the bottom of the screen where, bottom right, you’ll find a link to reveal all recent activity on your account. Finally, pay particular attention to what Google says about staying safe from attackers usingI am something of an evangelist when it comes to one single feature that is provided by Google to help protect your Gmail account from targeted attacks, including the kind of highly sophisticated AI-powered threat covered in this article. That feature is not as well-known as it should be, despite the best efforts of Google and the media to publicize it over the years, yes years, that it has been available. I’m talking about the, which is designed for high-risk account holders such as journalists, activists and politicians. However, it is also available to anyone, including you. Once enrolled in the Advanced Protection you will be required to use a passkey or hardware security key so as to verify your identity and sign in to your Gmail Account. “Unauthorized users won’t be able to sign in without them,” Google said, “even if they know your username and password.” Let’s just run that by again: signing into Gmail on any device requires the passkey when first used, which means that even if a hacker had got your username and account password using any kind of hacking technique, without the physical device that passkey is stored on, your smartphone in other words, and the biometrics needed to verify it, they could not sign in. Period. When you sign up for new apps or services, you’re often asked to give access to your information in your Google Account, like your Gmail contacts, for example. Although there are built-in protections already, as you would expect, the Advanced Protection Program takes things up a notch to prevent third-party impersonators from gaining access to your account and data. “Advanced Protection allows only Google apps and verified third-party apps to access your Google Account data,” Google said, “and only with your permission.” Other than these benefits, which shouldn’t negatively impact most users and the additional security protections outweigh any inconvenience for high-risk users anyway, Google said that you may find that you receive more alerts or warnings before downloading a file or installing an app and optional security features will be automatically enabled. “We’ve suspended the account behind this scam,” a Gmail spokesperson said, “we have not seen evidence that this is a wide-scale tactic, but we are hardening our defenses against abusers leveraging g.co references at sign-up to further protect users."Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.Insults, profanity, incoherent, obscene or inflammatory language or threats of any kindContinuous attempts to re-post comments that have been previously moderated/rejectedAttempts or tactics that put the site security at riskProtect your community.
Gmail Hack Attack Gmail AI Ai Hack Attack Gmail Security Gmail AI Security Phishing Gmail Support Google Support
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Gmail Security Threat Confirmed—Google Won’t Fix It, Here’s WhyAs Gmail AI security vulnerabilities come to the surface, why won’t Google fix the problem? Here’s what Google has to say.
Read more »
Why Google Won't Fix a Major Gmail Security VulnerabilitySecurity researchers revealed that Google's Gemini AI, integrated into Workspace products, is vulnerable to indirect prompt injection attacks. These attacks can affect platforms like Gmail, Google Slides, and Google Drive, enabling phishing and manipulation. Despite the potential for significant harm, Google has classified this as an 'Intended Behavior' and refused to address it.
Read more »
Gmail Security Threat Confirmed—Google Won’t Fix It, Here’s WhyAs Gmail AI security vulnerabilities come to the surface, why won’t Google fix the problem? Here’s what Google has to say.
Read more »
New Gmail Cyber Attack Warning As Private Key Hackers StrikeThis new cyber attack has Gmail firmly at its center, abusing user trust in the world’s biggest email platform—here’s what you need to know.
Read more »
New Hacking Disaster Warning For Gmail, Outlook, Apple Mail UsersDon’t become a victim of this nasty new crime—here’s what you need to know.
Read more »
New Hacking Disaster Warning For Gmail, Outlook, Apple Mail UsersDon’t become a victim of this nasty new crime—here’s what you need to know.
Read more »