Estimated reading time: 3 minutes
A recent event, to which Sam Mitrovic has drawn attention in his blog on the use of artificial intelligence, illustrates the problem of differentiating between genuine AI stirrings and other forms of scam calls. Through suspicious notifications and phone calls that replicated Google legit communication, Mitrovic was in [some sort of] danger of losing his Google account.
The events started with a message related to the Gmail account recovery attempt from the United States IP address. This was then supplemented with a call missed from a number that read “Google Sydney” from the caller ID. Another request for account recovery came through, and Mitrovic noticed that it originated from the US, and it was made about a week later. And this time he answered the call, which came from “Google Sydney.” They had a properly mannered American-sounding male voice that was originating from an Australian number.
The caller said there was some transactional activity going on in Mitrovic’s account and that this may have been an attempt made from Germany. Mitrovic was informed that his account data was downloaded based on prior message about account recovery. Most importantly, the phone number which has been used by ‘Google Sydney’ was documented in official Google materials demonstrating that the number was real.
Also Read
However, Sam insisted that the caller provides identification information. The caller sent an email that looked like it came from a Google domain, however, Mitrovic saw that the “To” section of the e-mail included an e-mail address that finished in “InternalCaseTracking.com” which is not a Google address. They also said that the caller speaks with what was described as a “too perfect” English. Mitrovic realized that it was a scam or a possible sign of an AI break through, he terminated the call. when he logged into his google account and tried to investigate any recent security activity the man only saw his own sessions. An analysis of the headers of the received email showed that, it had arrived from a source found associated with AWS. This finding opens up the likelihood of the email being sent via an online service typically employed by con artists.
Google is aware of the issues that are coming from AI scammers and is combating online scams by partnering with the Global Anti-Scam Alliance (GASA) and DNS Research Federation (DNSRF) to launch the Global Signal Exchange (GSE), a platform for sharing scams and fraud information. Google is also expanding its Cross-Account Protection tool, which helps protect users by sharing security notifications with apps and services linked to their Google accounts. However, this may not be enough because, according to The Lawstreet Journal, these AI companies have been targeting all 2.5 billion Gmail account holders. Google isn’t alone either, because even Apple customers are dealing with more advanced scammers.
It’s important to note that AWS itself is not involved in or responsible for fraudulent activities; rather, it is a service that was used. There are plenty of AI apps on the App Store that are used for scams, so it’s not going to stop anytime soon. The ability of scammers to mimic human voices and create realistic scenarios will likely make it much harder to distinguish legitimate calls and communications from frauds. So it’s better to always be very careful.
Source: Sam Mitrovic
