A security researcher and a technology startup CEO have issued warnings about a sophisticated scam targeting Gmail users. The CEO of venture capital firm Ycombinator, Garry Tan, posted on X last week, alerting users to an AI-based phishing scam that uses an AI-generated voice. Tan advised users not to click “yes” on the dialog box presented by the scam, as it could lead to their accounts being compromised. The scammers claim to be from Google Support and ask users to verify that they are alive and disregard any death certificate filed against them. This is a ploy to trick users into allowing password recovery. Another security researcher also reported a similar scam attempt last month, which also utilized an AI-generated voice. The scams are becoming increasingly sophisticated and convincing, making it more likely for people to fall victim to them.
The researcher who reported the scam received a notification asking for approval of a Gmail account recovery attempt but rejected it. About 40 minutes later, they received a phone call from someone claiming to be from “Google Sydney,” which was also rejected. A week later, they received another notification for account recovery from the United States and decided to answer the call this time. The caller had an American accent and claimed there was suspicious activity on the user’s account.
The caller asked if the user was traveling or in Germany, both of which were denied by the user. The caller’s number appeared official and matched Google Australia’s IT support page listing. They even sent an email that seemed legitimate at first glance but contained spoofed elements upon closer inspection.
The researcher realized that the voice on the call was AI-generated due to its perfect pronunciation and spacing before hanging up and calling back using Google Maps’ number—only receiving an automated message in response.
Other individuals reported similar experiences with this scam scheme, prompting warnings about remaining vigilant against such attempts.
Accordingly, basic checks should be conducted when encountering suspicious calls or emails related to account recovery or verification processes associated with Google or Gmail accounts.
At present time of publication contact has been made with Google regarding these warnings but no response has been received.