Using AI to steal information via Gmail

More sophisticated with AI tools

Recently, the Vietnam Cyberspace Emergency Response Center - VNCERT/CC, the Department of Information Security, Ministry of Information and Communications has issued a warning about a sophisticated phishing campaign, taking advantage of AI and impersonation technology to steal users' gmail login information, taking place around the world.

This new form of fraud includes spoofing Google emails and phone numbers, using artificial intelligence technology - AI to create realistic messages and calls to trick users into providing sensitive information.

Talking to reporters of Dai Doan Ket Newspaper, cyber security expert Ngo Minh Hieu (National Cyber ​​Security Monitoring Center) analyzed that this scam campaign operates by combining traditional scam methods with new technology.

Specifically, the subjects used AI to spoof Google emails and phone numbers: The scammers created emails and phone numbers that were very similar to official notifications from Google, making it difficult for users to detect the difference.

Using AI to generate automated content: AI is used to create emails, messages, or calls with content designed to trick users into providing their login credentials. These content is often very convincing and uses tricks such as security warnings, account authentication requests, or information update reminders.

Deepfake voice: One of the novel elements is that AI can create fake calls with voices that are identical to Google support staff. This increases the credibility of the attack, making users more vulnerable to being fooled.

According to cyber security expert Ngo Minh Hieu, this new phishing campaign aims to collect Gmail login information, including:

Account information: Can be used to access Gmail, Google Drive documents, and many other services associated with Google.

Sensitive data: Personal emails can contain important information such as bank accounts, passwords, and financial documents.

The consequences of having your Gmail information stolen are that the user loses access to their account: The user may be locked out of their account and unable to access emails, documents, or other important information.

Personal Information Leakage: Sensitive data in emails, such as financial information, contact information, and confidential documents, can be exploited to commit fraud or other attacks.

Chain attacks: Gmail accounts are often linked to many different services, such as bank accounts, social networking services, and mobile apps. This can lead to other attacks across multiple platforms if Gmail is compromised.

Be careful when using Gmail

Mr. Hieu recommends that people absolutely do not provide sensitive information via email or phone: Google never asks users to provide login information via email or phone. If you receive a request for information, you need to carefully check the source.

Enable two-factor authentication (2FA): Two-factor authentication is an extra layer of security that helps protect your account from attacks. Even if an attacker gets your password, they still need a second authentication code to access your account.

Double-check emails and messages: Phishing emails often have small signs like misspellings, unofficial links, or requests for urgent action. Users should double-check before clicking on any links.

Use advanced security tools: Install security software and browser extensions that help detect phishing attacks. Also, regularly update your security system to ensure your account is best protected.

"Do not access links or download files of unknown origin: These links may contain malicious code, causing the user's device to be compromised," the expert emphasized.