More sophisticated thanks to AI tools.
Recently, the Vietnam Cyber Emergency Response Center (VNCERT/CC), under the Information Security Department of the Ministry of Information and Communications , issued a warning about a sophisticated phishing campaign that exploits AI and impersonation technology to steal Gmail login information from users, currently taking place worldwide.
This new form of fraud includes impersonating Google emails and phone numbers, using artificial intelligence (AI) technology to create realistic messages and calls to trick users into providing sensitive information.
Speaking with a reporter from Dai Doan Ket Newspaper, cybersecurity expert Ngo Minh Hieu (National Cybersecurity Monitoring Center) analyzed that this scam campaign operates by combining traditional scam methods with new technologies.
Specifically, these individuals are using AI to spoof Google emails and phone numbers: Scammers create emails and phone numbers that closely resemble official Google notifications, making it difficult for users to detect the difference.
Using AI to generate automated content: AI is used to create emails, messages, or calls with content designed to trick users into providing login information. This content is often very persuasive and uses tactics such as security warnings, account verification requests, or reminders to update information.
Deepfake voice: One of the novel elements is that AI can create fake calls using voices that sound exactly like Google support staff. This increases the credibility of the attack, making users more susceptible to being deceived.
According to cybersecurity expert Ngo Minh Hieu, this new phishing campaign aims to collect Gmail login information, including:
Account information: This can be used to access Gmail, Google Drive documents, and many other services linked to Google.
Sensitive data: Personal emails may contain important information such as bank accounts, passwords, and financial documents.
The consequences of Gmail information theft include users losing access to their accounts: Users may have their accounts locked and be unable to access emails, documents, or other important information.
Personal information leaks: Sensitive data in emails, such as financial information, contact information, and confidential documents, can be exploited to carry out scams or other attacks.
Chain attack: Gmail accounts are often linked to various services, such as bank accounts, social media services, and mobile applications. This can lead to further attacks across multiple platforms if Gmail is compromised.
Use caution when using Gmail.
Mr. Hieu advised people to absolutely not provide sensitive information via email or phone: Google never asks users to provide login information via email or phone. If you receive a request for information, you need to carefully check the source.
Enable two-factor authentication (2FA): Two-factor authentication is an extra layer of security that helps protect your account from attacks. Even if an attacker obtains your password, they will still need a second verification code to access your account.
Carefully check emails and messages: Fake emails often have subtle signs such as spelling errors, unofficial links, or urgent requests for action. Users should check carefully before clicking on any links.
Utilize advanced security tools: Install security software and browser add-ons to detect phishing attacks. Regularly update your security system to ensure your account is best protected.
"Do not access links or download files from unknown sources: These links may contain malware, potentially compromising the user's device," the expert emphasized.
Source: https://daidoanket.vn/canh-giac-truoc-chien-dich-lua-dao-moi-dung-ai-danh-cap-thong-tin-qua-gmail-10292977.html
Comment (0)