Fake account recovery requests targeting Gmail users

The robotic precision in saying ‘Hello’ revealed the scam as an AI-generated voice, making the attack otherwise harder to detect.

An emerging sophisticated AI scam is targeting Gmail users, tricking individuals into approving fake account recovery requests to steal personal data. IT consultant Sam Mitrovic shared his near-miss encounter with this scam, although he ignored the initial prompt, the attack resurfaced a week later with more aggressive tactics.

His ordeal began when he received a Gmail account recovery request, a common phishing technique used to trick users into entering their credentials on fake login pages. Although Mitrovic ignored the initial prompt, the attack resurfaced a week later with more aggressive tactics.

After receiving another recovery notification, Mitrovic picked up a phone call from someone claiming to be a Google support representative. The caller, posing as an American with an authentic-sounding accent, asked if he had logged into his account from Germany. When Mitrovic denied it, the caller warned him that his Gmail account had been compromised for the past week, and sensitive data had already been downloaded.

The scam appeared even more convincing when Mitrovic looked up the caller’s number and found it linked to genuine Google business pages, although the number was related to Google Assistant rather than Google support. As the conversation continued, Mitrovic grew more suspicious. The email confirmation he received appeared authentic, but closer inspection revealed a cleverly disguised address that mimicked Google's domain.

The biggest red flag, however, came when the caller repeated the word “hello” in an eerily perfect voice. This robotic precision revealed the scam as an AI-generated voice, making the attack harder to detect.

Based on his encounter and alertness, Mitrovic in his blog advices people to always verify the source of such requests by cross-checking with official Google channels, and never rush into actions out of fear or urgency. ‘Attackers often rely on panic to bypass a victim's better judgment.’

At the same time, Google is also emphasizing that its support team will never contact users by phone for account recovery.