Thursday, December 26, 2024

How scammers use phony recovery notifications to steal Gmail, social media accounts

Scammers are increasingly using fake recovery notifications to steal Gmail and social media accounts, reports say.

These fraudulent messages often mimic official recovery emails, warning users of suspicious activity or prompting them to reset their password. Once the user clicks the link and enters their login details, scammers capture this information and gain access to their accounts.

These phishing schemes can lead to identity theft, unauthorized access to personal data, and financial loss.

As reported by PC Mag, Gmail users are falling victim to a sophisticated AI-based account takeover scam, which carefully impersonates Google staff over multiple weeks.

The same ploy is being used against social media accounts such as Facebook, Instagram, WhatsApp and X, so the same vigilance is needed there.

An IT consultant and tech blogger, Sam Mitrovic, received a notification to approve a Gmail account recovery attempt, which he denied. According to his blog, Mitrovic then received a call roughly 40 minutes later, showing the caller ID as Google Sydney, which he also declined.

Using phony account-recovery notifications is a classic trick used by cybercriminals carrying out phishing attacks, Forbes points out. These types of ploys will generally lead customers to a fake login portal, which will capture their login details.


The following week, Mitrovic received another notification to approve an account recovery, alongside a call from an Australian number 40 minutes later. This time, he decided to pick up.

An “American voice, very polite and professional” told the IT expert there had been suspicious activity on his account. The caller said someone had illegally accessed his account and downloaded his account data over the course of a week, which reminded him of the previous incident.

The IT expert did his due diligence before taking things further and discovered the caller’s number was the official one listed as Google Australia’s IT support. He decided to ask for a confirmation email, only to find the email he received appeared to be an official one used by Google’s support team. But imitating real email addresses and phone numbers used by companies is a common attack vector used by cybercriminals, usually called “spoofing.”

Mitrovic, after doing his digging, found the email didn’t arrive from a true Google domain but from a cleverly disguised fake one, only visible after carefully reviewing the email “TO” field. He also found no unusual logins in his Google Account history. He then realized the caller, still on the line, was AI-generated, because its spacing and pronunciation were “too perfect.”
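The check Mitrovic describes, reading the real sender address rather than the friendly display name, is easy to automate. The script below is an added illustration, not code from the article or from Mitrovic; it parses a constructed sample message (not the actual email he received), pulls the address domain out of the From and Reply-To headers, and flags a look-alike domain, a brand name in the display name that the address does not back up, and a Reply-To pointing somewhere else. The trusted-domain set and the look-alike domains are assumptions for the example.

```python
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed phishing-style sample (assumption, not the message from the article):
# the display name says "Google Support" but the address sits on a look-alike domain,
# and replies are steered to yet another domain.
SUSPICIOUS_EMAIL = b"""From: "Google Support" <support@googlesupport-verify.example>
Reply-To: recovery@mail-verify.example
To: victim@example.com
Subject: Action required: account recovery attempt
Date: Thu, 26 Dec 2024 10:00:00 +0000

We detected suspicious activity on your account. Confirm the recovery here.
"""

# Constructed benign sample for comparison: address domain matches the claimed brand.
BENIGN_EMAIL = b"""From: "Google" <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert

A new sign-in was detected.
"""

# Assumed allowlist of domains a genuine notice might come from (example assumption).
TRUSTED_DOMAINS = {"google.com", "accounts.google.com"}


def header_address(msg, header):
    """Return (display_name, address, domain) for a header, or empty strings if absent."""
    value = msg.get(header)
    if value is None:
        return "", "", ""
    name, addr = parseaddr(str(value))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, addr, domain


def is_trusted_domain(domain, trusted=TRUSTED_DOMAINS):
    """Exact match or a subdomain of a trusted domain; 'google.com.evil.example' is not."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_sender(raw, trusted=TRUSTED_DOMAINS, brand="google"):
    """Return a list of human-readable findings; an empty list means nothing looked off."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    name, addr, from_domain = header_address(msg, "From")
    _, reply_addr, reply_domain = header_address(msg, "Reply-To")
    findings = []

    if not is_trusted_domain(from_domain, trusted):
        findings.append(f"sender domain {from_domain!r} is not in the trusted set")

    # Display name invokes the brand, but the brand is not a label of the address domain.
    if brand in name.lower() and brand not in from_domain.split("."):
        findings.append(f"display name {name!r} is not backed by address {addr!r}")

    # Replies silently redirected to a different domain than the visible sender.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To {reply_addr!r} points to a different domain than From")

    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, check_sender(raw) or "no findings")
```

This is only a first-pass triage of what the user can see in the headers: a From address can itself be forged, so a mail provider's SPF, DKIM and DMARC results (the Authentication-Results header) are the authoritative check that a message really came from the domain it claims.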


Mitrovic found he wasn’t the only one who almost got conned. After searching online, he found a user on Reddit who had been hit by a similar scheme, as well as a user on an Australian message board dedicated to scams, ReverseAustralia.

Forbes suggests that it’s highly likely the attack outlined in the blog would have ended up with a cloned login portal capturing Mitrovic’s login details if it wasn’t for his technical know-how. The scam probably would’ve included “cookie stealing malware” to bypass two-factor authentication.

“There are many tools to fight the scammers, however. At an individual level, the best tool is still vigilance, doing the basic checks as above or seeking assistance from someone you trust,” Mitrovic warns.

Bridget Benson, with Agency reports