Over the years companies who have maintained and managed major Email providers like Gmail, Microsoft Exchange, and many others have worked to implement security features to protect your account from hackers.  However with the ascension of AI-driven tools, hackers have started employing ever more sophisticated attacks in an attempt to break into email accounts hosted by these major platforms.

Based on Google’s figures, there are currently more than 2.5 billions users of the Gmail service, which makes them alone an attractive platform to attack.

A Microsoft solutions consultant, Sam Mitrovic, recently issued a warning after almost falling victim to what is described as an extremely realistic AI scam call, capable of tricking some of the most experienced of users.

How AI Tools Are Being Used by Hackers

The level of sophistication that hackers have been implementing is on the rise, and Sam Mitrovic was surprised at this level of sophistication that was targeting him.  It started after having received a notification to approve a Gmail account recovery attempt.  This is a common method hackers will use to try to break into an account.  These are notorious phishing attack methods intended to drive the user to a fake login portal where they need to enter their credentials to report the request as not initiated by them.

Since Sam Mitrovic was an experienced Security person with Microsoft, so he was easily able to identify that this was a clear phishing attempt, however most other users would likely fall prey to this type of phishing attack.  However, this isn’t where the attack stopped.  Even more knowledgeable people like Sam Mitrovic may not be prepared for what came next.

After ignoring the initial password reset request, and a subsequent fake call requesting to confirm the account recovery, a week later Sam received another call seemingly coming from Google Support.  Upon answering the call, he was met with what was described as an American sounding voice, claiming to be from Google Support and stating there was suspicious activity on his Gmail account.

The voice reported that someone had accessed Sam Mitrovic’s account for the past 7 days, and downloaded all of his associated data from his Google account.  This raised suspicion for Sam, as he’d recalled in the prior week of the fake Phishing attempt to reset his Google password.  After Googleing the phone number he had been called from, Sam discovered that it did indeed lead to a Google Business page.

This is a very clever tactic which is more likely to fool many unsuspecting users who may be panicked in the moment, as it wasn’t an official Google Support number, but instead a call from a Google Assistant.

How can you Stay Protected from AI Driven Attacks

As hackers employ further sophisticated attacks and tools such as AI based voice, AI generated phishing pages, and other variations of AI driven attacks, it’s important to know that it is possible to remain safe online by following a few principles.

Implementing Two Factor Authentication  using a Modern Authentication app like Google Authenticator, or the Microsoft Authenticator can go a long way in preventing unauthorized access to many accounts.  2FA based methods of authentication require users to enter a unique code that is constantly regenerated to confirm login.

Some account will also require an App-Password be used to sign into specific applications that have access to your account.  For example, Microsoft based email accounts with Modern Authentication implemented and set to Enforced will require that the end-user generate and authenticate to their preferred email application with an App Password. An App Password is a specially generated password that will only work with a specific app such as Outlook, thus preventing hackers from connecting your account to their own Email platform without your MFA credentials.

For google account users, consider enrolment into Google’s Advanced Protection Program, designed for users such as journalists, activists and politicians who may be thought of as high-risk account holders.  As the combination of the protections brought by both of these technologies makes it something of a no-brainer for most people with a Google account, including all Gmail users.

There is a constant battle between Security Engineers, and hackers or bad-actors, and the use of AI methods is only the next fray into a constant fight in the cyber security space.  One of the best way’s to stay safe from cyber-criminals  is by partnering with a trusted technology partner who can help you stay secure.  If you want to learn more about how Natural Networks can help keep your IT secure in the ever-evolving space of AI, give us a call today!