{"id":113413,"date":"2024-10-12T19:55:46","date_gmt":"2024-10-12T12:55:46","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=113413"},"modified":"2024-10-12T19:55:46","modified_gmt":"2024-10-12T12:55:46","slug":"new-gmail-security-alert-for-2-5-billion-users-as-ai-hack-confirmed","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=113413","title":{"rendered":"New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed"},"content":{"rendered":"<p> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<\/p>\n<div>\n<figure class=\"embed-base image-embed embed-0\" role=\"presentation\"><figcaption><fbs-accordion><\/p>\n<p class=\"color-body light-text\">A new and dangerous AI threat for all Gmail users is seen in the wild<\/p>\n<p><\/fbs-accordion><small>SOPA Images\/LightRocket via Getty Images<\/small><\/figcaption><\/figure>\n<p><em>Update, Oct. 12, 2024: This story, originally published Oct. 11, includes details of a new anti-scam alliance initiative from Google to help users fight fraudsters.<\/em><\/p>\n<p>Google has implemented <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/04\/12\/google-confirms-major-gmail-ai-security-update-for-3-billion-users\/\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/04\/12\/google-confirms-major-gmail-ai-security-update-for-3-billion-users\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/04\/12\/google-confirms-major-gmail-ai-security-update-for-3-billion-users\/\" aria-label=\"increasingly sophisticated protections\" rel=\"noopener\">increasingly sophisticated protections<\/a> against those who would <a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/30\/urgent-24-hour-new-gmail-app-password-warning-for-windows-mac-iphone-users\/\" target=\"_self\" class=\"color-link\" title=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/30\/urgent-24-hour-new-gmail-app-password-warning-for-windows-mac-iphone-users\/\" data-ga-track=\"InternalLink:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/30\/urgent-24-hour-new-gmail-app-password-warning-for-windows-mac-iphone-users\/\" aria-label=\"compromise your Gmail account\" rel=\"noopener\">compromise your Gmail account<\/a>\u2014but hackers using AI-driven attacks are also evolving. According to Google\u2019s own figures, there are currently more than 2.5 billion users of the Gmail service. No wonder, then, that it is such a target for hackers and scammers. Here\u2019s what you need to know.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">The Latest AI-Driven Gmail Attack Is Scary Good<\/h2>\n<p>Sam Mitrovic, a Microsoft solutions consultant, has issued a warning after almost falling victim to what is described as a \u201csuper realistic AI scam call\u201d capable of tricking even the most experienced of users.<\/p>\n<p>It all started a week before Mitrovic realized the sophistication of the attack that was targeting him. \u201cI received a notification to approve a Gmail account recovery attempt,\u201d Mitrovic recounts in <a href=\"https:\/\/sammitrovic.com\/infosec\/gmail-account-takeover-super-realistic-ai-scam-call\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/sammitrovic.com\/infosec\/gmail-account-takeover-super-realistic-ai-scam-call\/\" data-ga-track=\"ExternalLink:https:\/\/sammitrovic.com\/infosec\/gmail-account-takeover-super-realistic-ai-scam-call\/\" aria-label=\"a blog post warning other Gmail users\">a blog post warning other Gmail users<\/a> of the threat in question. The need to confirm an account recovery, or a password reset, is a notorious phishing attack methodology intended to drive the user to a fake login portal where they need to enter their credentials to report the request as not initiated by them.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-2\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/09\/gmail-hackers-take-control-of-2fa-email--number-heres-what-to-do\/\" target=\"_blank\" aria-label=\"Gmail Hackers Have Control Of 2FA, Email And Number? Here\u2019s What To Do\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/09\/gmail-hackers-take-control-of-2fa-email--number-heres-what-to-do\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Gmail Hackers Have Control Of 2FA, Email And Number? Here\u2019s What To Do<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/64e7031f115ba4a1a14af6bb\/960x0.jpg);\"\/><\/span><\/a><fbs-ad position=\"inread\" progressive=\"\" ad-id=\"article-0-inread\" aria-hidden=\"true\" role=\"presentation\"\/><\/p>\n<p>Unsurprisingly, then, Mitrovic wasn\u2019t falling for this and ignored the notification that appeared to originate from the U.S. and a missed phone call, pertaining to be from Google in Sydney, Australia, some 40 minutes later. So far, so relatively straightforward and easy to avoid. Then, almost exactly a week later, the fun started in earnest\u2014another notification request for account recovery approval followed by a telephone call 40 minutes later. This time, Mitrovic didn\u2019t miss the call and instead picked up: an American voice, claiming to be from Google support, confirmed that there was suspicious activity on the Gmail account.<\/p>\n<p>\u201cHe asks if I\u2019m traveling,\u201d Mitrovic said, \u201cwhen I said no, he asks if I logged in from Germany, to which I reply no.\u201d All of this to engender trust in the caller and fear in the recipient. This is when things turned dark fast and really rather clever in the overall scheme of phishing things. The so-called Google support person informed Mitrovic that an attacker had accessed his Gmail account for the past 7 days, and had already downloaded account data. This rang alarm bells as Mitrovic recalled the recovery notification and missed call from a week earlier.<\/p>\n<p>Googling the phone number he was being called from while speaking, Mitrovic discovered that it did, indeed, lead to Google business pages. This alone is a clever tactic likely to fool plenty of unsuspecting users caught up in the panic of the moment, as it wasn\u2019t a Google support number but rather about getting calls from Google Assistant. \u201cAt the start of the call, you&#8217;ll hear the reason for the call and that the call is from Google. You can expect the call to come from an automated system or, in some cases, a manual operator,\u201d the <a href=\"https:\/\/support.google.com\/business\/answer\/7690269?hl=en\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/support.google.com\/business\/answer\/7690269?hl=en\" data-ga-track=\"ExternalLink:https:\/\/support.google.com\/business\/answer\/7690269?hl=en\" aria-label=\"100% genuine page\">100% genuine page<\/a> helpfully informs the reader.<\/p>\n<p> <a class=\"embed-base color-body color-body-border link-embed embed-4\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/08\/google-confirms-new-gmail-security--boost-for-25-billion-users\/\" target=\"_blank\" aria-label=\"Google Confirms New Gmail Security  Boost For 2.5 Billion Users\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/08\/google-confirms-new-gmail-security--boost-for-25-billion-users\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Google Confirms New Gmail Security  Boost For 2.5 Billion Users<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/6572f1e5c6898fd9524d5474\/960x0.jpg);\"\/><\/span><\/a><\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Lessons To Be Learned From This Gmail Hack Near Miss<\/h2>\n<p>Mitrovic did the right thing, or at least the next best thing to hanging up, and asked the supposed support guy to send an email confirmation\u2014an email which arrived soon after, from a Google domain and looking for all intents and purposes genuine. AT this point he noticed the to field contained a cleverly disguised address that wasn\u2019t actually a Google domain but could, once again, easily fool those not of a technical bent.<\/p>\n<p>The real giveaway for Mitrovic, however, was when the caller said hello and after no response said hello again. \u201cAt this point I released it as an AI voice as the pronunciation and spacing were too perfect,\u201d Mitrovic said.<\/p>\n<p>It\u2019s well worth reading <a href=\"https:\/\/sammitrovic.com\/infosec\/gmail-account-takeover-super-realistic-ai-scam-call\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/sammitrovic.com\/infosec\/gmail-account-takeover-super-realistic-ai-scam-call\/\" data-ga-track=\"ExternalLink:https:\/\/sammitrovic.com\/infosec\/gmail-account-takeover-super-realistic-ai-scam-call\/\" aria-label=\"the original blog\">the original blog<\/a> from Mitrovic as it contains much more technical detail and detective work that I don\u2019t have the space to cover in this report. Knowledge is everything, and the threat intelligence provided by this consultant is genuinely invaluable for anyone who might find themselves in a similar situation: forearmed is forewarned.<\/p>\n<p><a class=\"embed-base color-body color-body-border link-embed embed-6\" href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/25\/google-announces-new-gmail-security-move-for-millions\/\" target=\"_blank\" aria-label=\"Google Announces New Gmail Security Move For Millions\" rel=\"noopener noreferrer\" data-ga-track=\"forbesEmbedly:https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/09\/25\/google-announces-new-gmail-security-move-for-millions\/\"><span class=\"link-embed__info\"><span class=\"link-embed__provider\">Forbes<\/span><span class=\"link-embed__title\">Google Announces New Gmail Security Move For Millions<\/span><small class=\"link-embed__byline\">By <span class=\"link-embed__author\">Davey Winder<\/span><\/small><\/span><span class=\"link-embed__thumbnail-wrapper\"><span class=\"link-embed__thumbnail allow-inline-style\" style=\"background-image: url(https:\/\/specials-images.forbesimg.com\/imageserve\/66f291a1b2f2edd9a385e66e\/960x0.jpg);\"\/><\/span><\/a><\/p>\n<p>It\u2019s almost a certainty that the attacker would have continued to a point where the so-called recovery process would be initiated, in truth this would be a cloned login portal capturing user credentials and likely the use of some kind of session cookie stealing malware to bypass two-factor authentication if that was in place.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Google Launches The Global Signal Exchange To Fight Scammers<\/h2>\n<p>Google has announced that it has joined forces with the Global Anti-Scam Alliance and the DNS Research Federation to form a new initiative in the battle against scammers. The <a href=\"https:\/\/www.gasa.org\/global-signal-exchange\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/www.gasa.org\/global-signal-exchange\" data-ga-track=\"ExternalLink:https:\/\/www.gasa.org\/global-signal-exchange\" aria-label=\"Global Signal Exchange\">Global Signal Exchange<\/a> will act as an intelligence-sharing platform when it comes to scams and fraud, providing real-time insight into the cybercrime supply chain. As the first founding member of the Global Signal Exchange, Google hopes that the platform will become, in effect, a global clearinghouse for the kind of intelligence signals that are connected to bad actors and their attacks.<\/p>\n<p>Amanda Storey, senior director of trust and safety at Google said that the collaboration \u201cleverages the strengths of each partner.\u201d With GASA having an extensive existing network of interested stakeholders and the DNS Research Foundation a data platform with more than 40 million existing signals, \u201cGSE aims to improve the exchange of abuse signals, enabling faster identification and disruption of fraudulent activities across various sectors, platforms and services.\u201d<\/p>\n<p>The ultimate goal, Google confirmed, is to create a solution that not only operates at the almost unthinkable scale of the internet itself but does so in an efficient and, above all, user-friendly way. This means that qualifying organizations will be able to use it to hit back at scammers. Google already has plenty of experience in this field, with a long-established history of entering into partnerships to help fight fraud. Indeed, as part of the testing of the new Global Signal Exgcnage, Google shared more than 100,000 malicious URLs and consumed a staggering million scam signals for analysis. \u201cWe&#8217;ll start by sharing Google Shopping URLs that we have actioned under our scams policies,\u201d Nafis Zebarjadi, Google\u2019s account security product manager said, \u201cand as we gain experience from the pilot, we will look to add data soon from other relevant Google product areas.\u201d<\/p>\n<p>The Global Signal Exchange, or at least the engine that drives it, runs on the Google Cloud to enable all participants to share and consume intelligence signals while \u201cbenefiting from Google Cloud Platform&#8217;s Al capabilities to find patterns and match signals smartly,\u201d Storey concluded.<\/p>\n<h2 class=\"subhead-embed color-accent bg-base font-accent font-size text-align\">Staying Safe From The Most Advanced Of Gmail Scams<\/h2>\n<p>AI deepfakes are not just used for porn and politics, they are used to perpetrate seemingly straightforward account takeovers such as in this case. Stay calm if you are approached by someone claiming to be from Google support, they won\u2019t phone you so there\u2019s a massive red flag right away, and no harm will come to you if you hang up. Use the tools at your disposal, ironically Google search itself and your Gmail account, to make checks during the call if you are concerned its could be genuine and ignoring it could cause harm. Search for the phone number, see where it\u2019s really coming from. Check your Gmail activity to see what, if any, devices other than your own have been using the account. Take note of what Google says about <a href=\"https:\/\/support.google.com\/mail\/answer\/8253\" rel=\"nofollow noopener noreferrer\" target=\"_blank\" class=\"color-link\" title=\"https:\/\/support.google.com\/mail\/answer\/8253\" data-ga-track=\"ExternalLink:https:\/\/support.google.com\/mail\/answer\/8253\" aria-label=\"staying safe from attackers using Gmail phishing scams\">staying safe from attackers using Gmail phishing scams<\/a>. Most importantly, never let yourself be rushed into making a knee-jerk reaction, no matter how much urgency is injected into a conversation. It\u2019s that sense of urgency that the attackers rely upon to swerve your normal good judgement and click a link or give up credentials.<\/p>\n<\/div>\n<p><script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3711241968723425\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-format=\"fluid\"\r\n     data-ad-layout-key=\"-fb+5w+4e-db+86\"\r\n     data-ad-client=\"ca-pub-3711241968723425\"\r\n     data-ad-slot=\"7910942971\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script><br \/>\n<br \/><div data-type=\"_mgwidget\" data-widget-id=\"1660802\">\r\n<\/div>\r\n<script>(function(w,q){w[q]=w[q]||[];w[q].push([\"_mgc.load\"])})(window,\"_mgq\");\r\n<\/script>\r\n<br \/>\n<br \/><a href=\"https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/10\/12\/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new and dangerous AI threat for all Gmail users is seen in the wild SOPA Images\/LightRocket via Getty Images Update, Oct. 12, 2024: This story, originally published Oct. 11, &hellip; <a href=\"https:\/\/hotvideos24.online\/?p=113413\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-113413","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/113413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=113413"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/113413\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=113413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=113413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=113413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}