Tuesday 15 October 2024

Tech headlines are abuzz this morning about a new AI scam targeting Google users. Forbes published a piece detailing two experiences with scammers, both of which involved likely AI-generated phone calls and multi-step schemes. Here's the thing, though: These scams aren't necessarily "new," and you should be wary of them—whether the actor purports to be from Google or not.

Watch out for these Google Account scams

Forbes' reporting highlights two specific but similar examples of this type of scam: One victim, Sam Mitrovic of Microsoft, received an alert regarding an account recovery request, which, when legitimate, is usually triggered when someone forgets their password. Because unprompted account recovery requests are often malicious in nature, Mitrovic ignored the alert, but received a phone call from "Google Support" just 40 minutes later. Mitrovic ignored this call, too, but soon after, received another alert followed 40 minutes later by a "Google Support" call.

This time, Mitrovic answered, to find a "representative" with an American accent who asked if Mitrovic had traveled recently, particularly to Germany. The answer was no, which led the representative to warn Mitrovic that someone had been accessing their account from Germany for the past seven days, and had already downloaded data from the account. Mitrovic even googled the phone number "Google Support" was calling from, and found it led to this official Google Support page. At first glance, you might think that confirms this is actually Google Support, but read the page more closely, and you'll see this phone number is the number Google Assistant calls businesses from, not Google Support. This was, in the end, a scam.

Forbes' other example concerns Garry Tan, founder of Y Combinator, who reports he was also targeted in a similar scam. Tan also received a call from "Google Support," claiming that they had Tan's death certificate, and a family member was trying to use it to access Tan's account. Google Support was calling to both confirm that Tan was actually alive, and to share an account recovery request that Tan could use to "confirm" his account was active. That last bit is the real scam: Tan highlights that the account recovery request was definitely fraudulent, as the "device" the request was coming from said Google Support, not an actual device. Someone is spoofing that field, and if Tan had hit "Yes, it's me" on the alert, the attacker would have been able to reset the password on Tan's Google Account.

While it can't be confirmed, it appears the phone calls used in each example were AI-powered. Mitrovic and Tan both confirm the voices were convincing, but in Mitrovic's case, the "caller" said "hello," and, after no response, said "hello" the same way again. Mitrovic took that, coupled with perfect pronunciation and spacing, as telltale signs of generative AI-powered audio, and was convinced the voice was actually AI.

In practice, this scam is nothing new

While the news is buzzing about this new type of AI-powered scam, the underlying tactics here are pretty classic. You can protect yourself by knowing what to look out for, whether the attackers use AI or not.

First, big tech companies like Google simply don't call you out of the blue to warn you about a potential security breach with your account. In fact, Google, and companies like it, are notorious for their lack of human-based support in general. If you can't get in touch with a real person when you knowingly need help, there's no shot a Google rep is going to reach out to you first. So, whether it's a convincing AI-powered voice on the other end of the phone, or a pretty terrible human actor pretending to be a live Google representative, receiving a call from a company like this should be a large enough red flag to ignore the situation.

On the flip side, we have the account recovery request. This is a textbook scam method: Trigger an account recovery alert on the user's end, and convince them accepting it means they're confirming their identity. That is simply not what this system is designed for, and it's what hackers are counting on you to fall for. Account recovery requests are supposed to be triggered by you whenever you are otherwise unable to access your account, perhaps in the event that someone has actually hacked your account. You tell Google that, and they send an account recovery request to your attached email address. You open that email, click "Yes, it's me," and you're able to continue on with your account recovery process. No one else is involved in the process, and the request isn't used for any other purpose.

Hackers, however, will pretend to be from Google Support, and say that this account recovery request is just a way to confirm your identity, or that your account is active. However, when you click that "Yes, it's me" button, what you've done is trigger the account recovery process on their end. They now have the power to get into your account, and potentially lock you out of it and steal your information.

Bottom line: If you did not trigger that account recovery alert yourself, it's not legitimate. Do not click on it.

If you're worried about being hacked

If you receive a phone call or a message like this, it's likely a bad actor looking for a phishing victim. Without your input, they will simply move on to another victim. However, it's not a bad idea to run through some steps to make sure your account is actively protected.

Focusing on Google, you can go to your Google Account's Security settings page to review a dashboard of your account's security health. Here's where you'll see all your active sessions, whether Google has any security alerts for you to manage, and settings for things like two-factor authentication, passwords, passkeys, recovery emails, and phone numbers, among others.

If you're worried about your account's current security level, look at your active sessions: These are the devices where you're currently logged in. If you don't recognize a device or a location, you can click on it and sign that device out of your account. Just know if you're using a VPN, or Apple's iCloud Private Relay, you may see sessions from unknown locations on your trusted devices, as these services obfuscate where your actual internet traffic is coming from.

In addition, it's a great idea to change your password every now and then, and ensure you're using two-factor authentication (2FA). That way, if an attacker does figure out your password, you have a secondary authentication step that requires a trusted device—something the attacker likely does not have. Consider setting up passkeys as well, which combine the best of both worlds between passwords and 2FA.

At the end of the day, attackers employing these scams can't actually break into your account themselves—that's why they're targeting you. They need you to click on their malicious links or authenticate yourself on their behalf. So long as your password is strong, and you have other forms of authentication as a backup, the best way to avoid being a victim in these types of scams is to simply ignore them.
