Gmail has issued an urgent security warning to its 2.5 billion users worldwide regarding a sophisticated AI-driven hacking attempt that exploits voice phishing (vishing) tactics. Cybercriminals are posing as Google support agents, using advanced AI-generated voices and spoofed caller IDs to manipulate users into surrendering their account credentials.
The scam is designed to appear highly convincing, as attackers use legitimate-sounding email addresses and official-looking recovery codes to lure victims into their trap.
The caller ID appears as Google Support, making it seem legitimate.
The hacker, impersonating a Google representative, claims that your Gmail account has been compromised.
They inform you that they are initiating an account recovery process.
The scammer sends an email to your Gmail account that looks like an official Google security alert.
This email contains a recovery code, making the request seem authentic.
The scammer asks you to read back the recovery code sent to your email.
Once you provide the code, they use it to reset your password, effectively locking you out of your own account.
Western Latta, founder of Hack Club, was one of the first to detect the scam. Speaking to Forbes, he said:
“She sounded like a real engineer, the connection was super clear, and she had an American accent.”
Despite the voice’s authenticity, he realized it was an elaborate scam designed to extract login credentials and steal Gmail accounts.
Garry Tan, the founder of venture capital firm Y Combinator, also faced the scam. He later posted on X (formerly Twitter):
“They claim to be verifying that you are alive and that a fraudulent death certificate was filed to let a family member recover your account. It’s an elaborate attempt to trick you into allowing password recovery.”
Microsoft solutions consultant Sam Mitrovic also experienced a similar scam. He recalled:
“The call came from an Australian number. The voice was polite and professional. I even verified the phone number on an official Google support page. They claimed there was suspicious activity on my account from Germany and offered to help me secure it.”
Fortunately, he realized the follow-up email was suspicious, and he immediately ceased all communication.
Spencer Starkey, Vice President at SonicWall, cautioned:
“Cybercriminals are constantly developing new tactics to exploit vulnerabilities and bypass security controls. Companies must quickly adapt with regular security assessments, threat intelligence, and incident response planning.”
AI-generated deepfake voices are becoming increasingly common in cyber fraud. Attackers use AI to clone human voices, making scams more believable than ever before.
Google Never Calls Users for Account Recovery – If you receive a call from “Google Support,” hang up immediately.
Verify Security Alerts Directly – Instead of responding to emails or calls, log in to your Gmail account and check for official security notifications.
Check for Unauthorized Access – Scroll to the bottom-right corner of Gmail’s web interface and click on “Last account activity” to see recent logins.
Enable Two-Factor Authentication (2FA) – Always activate 2FA to add an extra security layer.
Use Official Google Support Pages – If you notice suspicious activity, visit the Google Help Center via support.google.com.