Another high-tech scam is targeting Gmail account holders, and it is built to fool even a watchful eye. Microsoft Solutions Consultant Sam Mitrovic came close to falling for it recently when he received an unsolicited notice asking him to approve a Gmail account recovery that he did not initiate. He declined the request, and nearly an hour later he received a call from a number that looked like it originated in Sydney and belonged to Google.
How the Gmail Scam Works
This phishing scam is meant to gain entry to your Gmail account and possibly more. Sam faced the same situation a week after the first attempt. Around the same time of day, he received another recovery request, which he again refused. When the follow-up call arrived this time, he picked up the phone and heard an American-accented man on the other end, though the call originated from Australia.
The caller said suspicious activity on Sam’s account had prompted them to ask whether he had logged in from Germany or was traveling, a question meant to make Sam feel his account had been compromised.
Then the caller claimed someone had been accessing his account for a week and had downloaded account data.
Recognizing Scam Techniques
Sam looked up the number and discovered it was one of the legitimate contact numbers Google uses in Australia. However, scammers can spoof phone numbers, so he still took precautions. Sam asked the caller to send an email confirming who they were. The caller agreed, and Sam listened to background noise that sounded like a call center.
The email seemed official upon first inspection, except for one address in the “to” field: GoogleMail at InternalCaseTracking dot com. That address is not on an actual Google domain. It then dawned on him that the caller’s voice was AI-generated. Realizing the situation, Sam quickly ended the call.
He investigated further and discovered that the email had been manipulated using Salesforce CRM, which allowed the sender to set any email address and send the message through Google servers. This technique added to the scam’s believability.
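The header check that exposed this email can be automated. The following is an added example, not code from the article or from Google: it lists every address in a message's address headers that is neither the recipient's own nor on a Google domain. The sample message, the recipient address, the Reply-To lookalike and the `TRUSTED_DOMAINS` list are constructed assumptions; only the InternalCaseTracking address comes from the article.

```python
from email import message_from_string
from email.utils import getaddresses

TRUSTED_DOMAINS = ("google.com",)  # assumption: what counts as a Google domain here
ADDRESS_HEADERS = ("From", "Reply-To", "Return-Path", "To", "Cc")

# Constructed sample; only the InternalCaseTracking address is from the article.
SAMPLE = """\
From: "Google Support" <support@google.com>
Reply-To: case@google.com.support-desk.example
To: sam@example.com, GoogleMail@InternalCaseTracking.com
Subject: Account recovery case

Constructed body.
"""

def is_trusted(domain):
    # Exact match or a true subdomain only. A lookalike such as
    # "google.com.support-desk.example" must not pass a prefix check.
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def unexpected_addresses(raw, own_addresses):
    """Return (header, display_name, address) for every address that is
    neither the recipient's own nor on a trusted domain."""
    msg = message_from_string(raw)
    own = {a.lower() for a in own_addresses}
    findings = []
    for header in ADDRESS_HEADERS:
        # getaddresses splits "Name <addr>" pairs, so a reassuring display
        # name cannot hide the real address.
        for name, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.lower()
            domain = addr.rpartition("@")[2]
            if addr and addr not in own and not is_trusted(domain):
                findings.append((header, name, addr))
    return findings

if __name__ == "__main__":
    for header, _, addr in unexpected_addresses(SAMPLE, ["sam@example.com"]):
        print(f"{header}: {addr} is not a Google address")
```

An empty result does not prove a message is genuine, because the sender in this scam could set any address; a non-empty result is a reason to stop and verify through another channel.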
What Could Have Happened if He Fell for It
Had Sam fallen for the fake recovery request, the thieves would have been able to access his Gmail account. Another Reddit user reported an identical scam but did not fall for it. Unfortunately, not everybody has been so careful. Sam could even see posts written by people who became victims of the scam, believing that Google was calling them.
To avoid this kind of scam, do not approve an account recovery request that you did not initiate. The scam sends you to a fake login page that captures your real credentials. If you get any suspicious communication, verify it by calling the company’s number, which you can find through a Google search. It is safer to double-check than to fall into a scam artist’s trap.