Warning to all 1.8bn Gmail users over ‘devastating’ scam stealing banking and sensitive data

All 1.8 billion Gmail users have been issued a ‘red alert’ over a scam that lets hackers gain access to accounts.

The attack uses AI to craft deepfake robocalls and malicious emails capable of bypassing security filters.

The combination works to convince victims their Gmail account has been compromised.

Users receive a phone call that suspicious activity was detected in their account and are told an email is soon to follow with steps to rectify the issue.

The email includes a fake website that looks identical to Google’s, which prompts users to enter their login credentials.

Cybersecurity experts warned that the goal of this campaign ‘is to convince the target to provide the criminals with the user’s Gmail recovery code, claiming it’s needed to restore the account.’ 

But it is not just Gmail accounts that arecompromised, all other services connected to the platform are also open to hackers.

The FBI said: ‘These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.’

Malwarebytes published a report last week, telling Gmail users that the FBI’s warning ‘should not be taken lightly.’ 

‘This is especially because the AI tools that cybercriminals have at their disposal are relatively low cost: In one study, researchers found that the cost of advanced and sophisticated email attacks starts at just $5,’ the company added.

That study, conducted by McAfee’s State of Scamiverse, found a convincing deepfake can be made in less than 10 minutes for cheap.

While the FBI’s warning last year focused on threats using AI to create videos and emails to trick victims, Malwarebytes uncovered how hackers are using robocalls and emails in the latest campaign. 

‘None of the elements used in the attacks are novel, but the combination might make the campaign extremely effective,’ the cybersecurity experts shared.

Malwarebytes has also issued guidelines for Gmail users to follow in order to not fall victim to the hackers’ tricks.

The researchers urged users to never click on links or download files from unexpected emails or messages and not to enter personal information on a website unless they are 100 percent sure it is legitimate. 

‘Use a password manager to autofill credentials only on trusted sites,’ Malwarebytes said. ‘Monitor your accounts for signs of unauthorized access or data leaks.’

The attack uses both deepfake robocalls and emails that can bypass security filters 

 The FBI issued a warning for iPhone and Android users this month about a string of new scams that could put bank accounts and personal data at risk.

They agency said smartphone users should hang up immediately if they receive this specific type of call, in which the scammer is pretending to be someone they’re not.

The new scheme is more advanced than previous scam calls because scammers are using ‘spoof’ caller ID technology to impersonate banks and law enforcement agencies across the country.

The scam is far-reaching and scammers could be pretending to be anyone, even members of your local police department.

Authorities on Long Island, New York said: ‘Detectives have been made aware of at least three incidents during which a resident was contacted by phone by a caller identifying themselves as a member of the Suffolk County Police Department who says the resident has a warrant for their arrest and for them to send money.’

FBI officials add that anyone receiving such a call should avoid giving out any personal information to the caller and don’t press any buttons on your phone – simply end the call immediately.

If you suspect a scammer tried to use this tactic on you, call the real organization the scammer was claiming to represent at their verified phone number.