Gmail account holders have been warned about a highly advanced scam that targets their Google accounts and puts them at high risk of their accounts being taken over by hackers. The threatening scheme, which surfaced in May 2024, uses artificial intelligence to deceive the victims and steal their personal information. It even leads to identity theft in certain instances, making many innocent victims vulnerable.

The trick starts with highly convincing AI-generated calls, where it is alleged that the Gmail account of the user has been hacked. Then the victims receive what appears to be a genuine email at first glance, but often the sender looks like Google. When checked thoroughly, however, the emails are nothing near that.

When the unsuspecting Gmail users click on the given links, they can become victims of identity theft, financial scams, and other types of information theft.

One of the victims, Sam Mitrovic, spoke about his experience, explaining how more sophisticated the scams are now: “The scams are getting more and more sophisticated, more believable and are used at ever greater scale. People are time-poor, and this scam sounded and looked legitimate enough that I would give them an A for effort. Lots of people are likely to fall for it.”

The cunning ploys are not just highly professional, but also unexpected, thus they trick people into believing what they are being presented with amidst the hustle of an online world.

So how do Gmail users ensure their safety against such deadly scams?

One key point is to analyze the email address thoroughly. If an email address appears unusual or has strange numbers, it is a warning signal. Likewise, checking the telephone number of the sender for abnormalities can be a warning signal ahead of time.

Another suggestion is to look closely at any logos in the email. Legitimate organizations will have professional-looking logos that are in line with their official branding. If the logo appears fuzzy or distorted, it’s probably a scam.

Watch the language in the emails. Scammers tend to make obvious spelling or grammar errors, which can betray their fraudulent intentions.

If you place your cursor over a link or paste the URL into a document, you should be able to determine if it takes you to the right website. Scammers will conceal their actual destination by inserting unusual characters or words between the primary domain and the “.com” part of the URL. Watch out for URLs such as “Microsoft.maliciousdomainname.com,” as these are usually bogus.

Furthermore, if you’ve already replied to a suspicious email and receive a follow-up message that asks for payment or personal details, it’s a strong indication that you’re dealing with a phishing attempt. Scammers may use threats, such as demanding payment in cryptocurrency, to coerce their victims.

Some Gmail recipients last year have been reported to have received creepy photos of their homes on Google Maps as a means of intimidation to make them obey the scam requirements. This scammers’ practice of playing on the fear of the victim is just one of many ways they continue innovating in their tactics.

Barracuda cybersecurity experts have also noted the emergence of “sextortion” attacks, in which attackers threaten to post explicit content unless the target pays them, usually in Bitcoin. This attack is increasing in popularity, with sextortion comprising about 3% of all targeted phishing attempts.

The fraudsters, in these ploys, most commonly employ sensitive personal data for the purpose of establishing a notion of authenticity as well as persuading victims into making swift moves. An illustrative example involves the employment of customized information such as Google Map photos to attempt to make threats more tangible.

The development of such scams is a matter of serious concern because it signals an escalation to even more sophisticated and convincing approaches to cybercrime. In this ever-changing scenario, it is extremely important that one remains vigilant and uses a watchful attitude when approaching any unwanted communication, particularly for personal or financial details.

Once again, the best way to keep yourself safe on the Internet is to remain conscious of phishing and fraud signals. Spending the few extra moments required to check out the authenticity of messages and emails may make the difference between securing your information and being just another cybercrime statistic.