Google Security Warning For 2.5 Billion Users—A I Hack Confirmed

image

Update, Jan. 31, 2025: This story, actually published Jan. 30, has been updated with a statement from Google about the complex Google AI assault along with comment from a content control security expert.

Hackers , images being used in novel episodes, and even permanent 2FA-bypass risks against Google customers have been reported. What a time to become alive if you are a legal hacker, although calling this latest terrible hacker intact is a stretch: become warned, this destructive AI wants your Google credentials.

Victim describes the most powerful phishing attack I’ve actually seen as the most recent Gmail threat.

Imagine being called by a variety with a Google caller ID from an American aid representative to alert you that your Google account had been partially blocked by anyone. Think that help representative confirming this message with a legitimate Google domain to your Google account, as requested by you. Think asking the phone number to verify that it was true and then requesting a call back. After explaining that it was on Google .com, they concurred and said there might be a delay while the keep is being held. You checked and it was listed, so you didn’t make that call. Imagine receiving a code from Google that will allow you to update your account, regain control, and about double-click on it. Luckily, by this stage , founder of Hack Club and the person who almost fell victim, had sussed it was an AI-driven attack, albeit a very brilliant one indeed.

If this sounds familiar, that’s because it is: I initially warned about like AI-powered attacks against Google users on Oct. 11 in . The strategy is nearly identical, but the message to all 2.5 billion Email users is the same: get aware of the threat and stay alert for the entire duration. ​

“Cybercriminals are constantly developing new tactics, techniques, and procedures to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats”, Spencer Starkey, a vice-president at SonicWall, said,” This requires a proactive and flexible approach to security, which includes regular security assessments, risk knowledge, risk management, and incident response planning”.

Mitigating The AI-Attacks Against Your Gmail Account Credentials

When talking about these extremely sophisticated AI attacks, all the conventional phishing mitigation advice is ignored, at least for a large portion. ” She sounded like a real engineer, the connection was super clear, and she had an American accent”, Latta said. This contrasts with the description in my October story, which stated that the attacker was” super realistic,” even though there was a pre-attack phase during which compromise notifications were sent seven days earlier to set the call’s target.

The first target was a security consultant, which likely prevented them from falling prey to the AI attack, and the most recent potential victim is the founder of a hacking club. How can you stay safe since you may not have nearly as much technical experience as these two, who both almost succumbed?

We have not seen any proof that this is a widespread scam, but we are strengthening our defenses against abusers who use g. co. references at sign-up, according to a Google spokesperson.

” Due to the speed at which new attacks are being created, they are more adaptive and difficult to detect, which poses an additional challenge for cybersecurity professionals”, Starkey said,” From a high-level business perspective, they must look to constantly monitor their network for suspicious activity, using security tools to detect where logins are occurring and on what devices”.

For everyone else, consumers especially, stay calm if you are approached by someone claiming to be from Google support, and hang up, as they won’t call you.

Use sources like Google and your Gmail account to look up that phone number and to check if anyone who is unfamiliar with your account has accessed it if in doubt. Use the web client to scroll to the bottom of the screen, where a link will appear at the bottom right to show all of your account’s most recent activity.

Finally, pay particular attention to what Google says about protecting yourself from hackers who use Gmail to phishing scams.

DNS checker

Leave a Comment