Payam Javan: A security researcher and a prominent technology startup CEO have issued warnings about a new, highly sophisticated phishing scam targeting Gmail users. Garry Tan, CEO of venture capital firm Y Combinator, alerted the public on social media platform X (formerly Twitter) about an “elaborate” phishing scheme that leverages AI-generated voices to impersonate Google Support. According to Tan, scammers use caller ID spoofing to appear legitimate and claim to be verifying users’ identities, deceitfully prompting victims to allow password recovery, which can let the scammers take over their accounts.
IT consultant Sam Mitrovic detailed his personal encounter with the scam in a recent blog post, highlighting the increasing sophistication and scale of such attacks. Mitrovic received unsolicited notifications to approve Gmail account recoveries, followed by AI-generated voice calls from numbers appearing to be associated with Google Australia and the United States. Although the calls initially seemed legitimate—with official-sounding email addresses and professional demeanor—Mitrovic identified red flags such as spoofed email domains and unnatural voice patterns, ultimately recognizing the attempt as fraudulent. He emphasized that despite the scammers’ efforts to appear credible, vigilant users can identify and thwart these attempts by conducting basic verification checks.
Mitrovic also noted that he was not alone in nearly falling victim to the scam, with others reporting similar targeted attempts. He advised individuals to remain cautious, verify communications through trusted channels, and seek assistance when in doubt. Google was contacted for comment but has not yet responded to the warnings from Tan and Mitrovic. The emergence of such advanced phishing tactics underscores the need for heightened awareness and robust security practices among users to protect against account takeovers and other cyber threats.