AI-Driven Phishing Scam Uses Deepfake Robocalls to Target Gmail Users in Credential Theft Campaign

Cybercriminals have deployed AI-powered phishing campaigns targeting Gmail's 1.8 billion users through a combination of deepfake robocalls and sophisticated emails. The attack begins with AI-generated phone calls claiming the victim's Gmail account has been compromised, followed by legitimate-looking emails from spoofed Google domains requesting account recovery codes. The scammers use AI tools to create convincing voice messages and craft emails that can bypass traditional security filters. One documented case involved a victim named Lea who was deceived for over two years by someone impersonating actor Martin Henderson, ultimately losing over $375,000. Another case involved programmer Zach Latta, who nearly fell victim to a caller with an American accent using a genuine Google phone number and sending emails from legitimate Google domains. The FBI warned in May 2024 that these AI-driven attacks can result in 'devastating financial losses, reputational damage, and compromise of sensitive data.' Cybersecurity experts note that AI tools for creating sophisticated phishing attacks are available for as little as $5, and deepfakes can be created in under 10 minutes. The scams exploit Google's own infrastructure, including g.co subdomains and Google Forms, to appear legitimate.