A new, highly sophisticated form of phishing is alarming security experts. Cyber criminals are using artificial intelligence and sophisticated spoofing techniques in a new scam to deceive over 2.5 billion Gmail users.
Microsoft consultant Sam Mitrovic was recently the target of such a fraud attempt and documented his experiences in detail in a blog post. The attack began inconspicuously: “I received a notification to authorize a Gmail account recovery attempt,” Mitrovic reports. “About 40 minutes later, I received a missed call. The call showed the caller ID as ‘Google Sydney’.”
A week later, the scenario repeated itself and Mitrovic took the call. He describes: “It was an American voice, very polite and professional. The number was Australian.” The scammers had done their homework: “In the meantime, I googled the phone number, which led me to official Google documents. The number seemed legitimate, although I was aware of how easy it was to spoof the number.”
The deception went even further. Mitrovic explained: “Then I asked him to send me an e-mail. He politely said he would do so and that I should give him a moment.” The email came promptly: “At first glance, the email looked genuine – the sender was from a Google domain. However, it’s also easy to forge an email address.”
The decisive moment came when Mitrovic recognized the artificiality of the voice: “The caller said ‘hello’, I ignored it, then about 10 seconds later he said ‘hello’ again. At that point, I realized it was an AI voice because the pronunciation and spacing were too perfect.”
After the call, Mitrovic investigated the incident further: “At home, I checked the login activity. The only sign-in sessions were my own.”
Mitrovic’s blog post shows how advanced and multi-layered modern phishing attacks have become. They combine fake emails, spoofed phone numbers and AI-generated voices, making it difficult for users to distinguish genuine from fraudulent contact attempts.
Global Signal Exchange: Google’s answer to scams
In response to this growing threat, Google has now launched a counter-offensive. In collaboration with the Global Anti-Scam Alliance (GASA) and the DNS Research Federation (DNS RF), the “Global Signal Exchange” has been launched. This platform is designed to provide real-time insights into fraud and cybercrime, enabling fraudulent activities to be identified and disrupted more quickly.