AI scam bots are trying to “recover” your Gmail account
Posted by Joshua Long
Did you get an unexpected alert from Google asking “Is it you trying to recover your account?” Or did you receive a phone call that seems to be from a Google call center, claiming there’s “suspicious activity”? You might be the target of an AI-powered account takeover scam.
It’s hard to believe that we’re at the point where hackers use AI voice bots to social-engineer people and hack into accounts. And yet, here we are.
Let’s break down the scam and how it works. Here’s what you should do now to avoid having your Google or Gmail account hacked.
In this article:
- The “Is it you…?” alert on your phone
- The AI-voice phone call and follow-up e-mail
- How to avoid getting hacked
- Other scams to watch out for: Apple, sextortion, and fake invoices
- How can I learn more?
The “Is it you…?” alert on your phone
You may have a Google app installed on your phone, such as Gmail. If so, and if someone tries to hack into your Google account, you may get an alert delivered via a push notification, similar to the following:
Is it you trying to recover your account?
[your Google avatar and Gmail address]
Device
Google Support: [alleged support rep’s name]
Near
California, USA [or any other location]
Time
Just now
(❌ No, don’t allow) (✅ Yes, it’s me)
No matter what the “Device” line says in the alert you received, the source device is definitely not a Google Support representative trying to recover access to your account for you. It’s always an attacker trying to break into your account (again, unless you personally tried to recover your account at that exact moment).
If you ever get an alert similar to this when you aren’t expecting it, always click on the “❌ No, don’t allow” button. Then be sure to follow the steps in the “How to avoid getting hacked” section below.
(Note that the push notification will be from the Google or Gmail app itself, not from an e-mail. If you see something like the above in the body of an e-mail message, don’t click on anything.)
The AI-voice phone call and follow-up e-mail
In this particular scam, you might also get a follow-up telephone call. It might even look like it comes from a Google phone number—but scammers can easily spoof this.
And it might sound like a real person—in theory, it might be. But in recent attacks, hackers have been deploying artificial intelligence bots with realistic-sounding voices instead. Because they’re powered by AI, they can plausibly respond to your questions or concerns.
Often, call recipients are skeptical. During the call, the bot may send an e-mail to your Gmail account that, at first glance, might appear legitimate. It may even appear to be sent from an “@google.com” address; again, this is spoofable. It might be sent to, or CCed to, an address at “internalcasetracking(.)com”—a domain that was registered three months ago, and doesn’t belong to Google.
Typically, the body of the e-mail refers to an “Agent” followed by the name the bot gave you. It often claims, “Your Case #[8-digit number] for Google Workspace has been updated.” The e-mail often signs off with “Thank you for your cooperation” followed by “Best regards, Google Account Security Team.”
This e-mail doesn’t actually come from Google—even if it looks like it might. In reality, it’s a scam. If you get such a message, please use the “Report phishing” option in Gmail.
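The traits of the follow-up e-mail described above can be checked mechanically against a saved copy of the message. The Python below is an added example, not code from Intego or Google; the `Authentication-Results` check, the function names, and the sample message are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Indicators taken from the article; the header check is this example's assumption.
LOOKALIKE_DOMAIN = "internalcasetracking.com"
CASE_RE = re.compile(r"Your Case #\d{8} for Google Workspace has been updated")
SIGNOFF = "Google Account Security Team"
AUTH_FAIL_RE = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", re.I)

def domains(msg, *headers):
    """Lower-cased domains of every address found in the given headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {a.rsplit("@", 1)[-1].lower() for _, a in getaddresses(values) if "@" in a}

def findings(raw):
    """Return the article's indicators that appear in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    # Plain-text parts only; transfer-encoded (e.g. base64) bodies are not decoded here.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hits = []
    if LOOKALIKE_DOMAIN in domains(msg, "To", "Cc"):
        hits.append("recipient-at-lookalike-domain")
    if CASE_RE.search(body):
        hits.append("case-update-wording")
    if SIGNOFF in body:
        hits.append("security-team-signoff")
    # An @google.com From: proves nothing by itself; look at what the receiver verified.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    if "google.com" in domains(msg, "From") and AUTH_FAIL_RE.search(auth):
        hits.append("google-from-failed-auth")
    return hits

# Constructed sample message (not a real capture).
SAMPLE = """\
From: Google Support <workspace-noreply@google.com>
To: reader@example.com
Cc: case-12345678@internalcasetracking.com
Subject: Case update
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=google.com; dmarc=fail header.from=google.com

Agent Alex has reviewed your request.
Your Case #12345678 for Google Workspace has been updated.
Thank you for your cooperation.
Best regards, Google Account Security Team
"""

if __name__ == "__main__":
    print(findings(SAMPLE))
```

An empty result does not mean a message is safe; these checks only cover the specific wording and domain reported for this campaign.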
How to avoid getting hacked
If you get an “Is it you…?” alert like the one above, it’s critically important to first say “❌ No, don’t allow,” and then change your password and enable two-step verification for your Google account. You should do both via the official Google site linked below. (You shouldn’t trust any supposed Google links you got via e-mail, text message, or even Google search results.)
Why is it important to change your password and enable two-step verification?
Changing your password to something long, complex, and unique (never used elsewhere) is crucial to ensure that someone can’t find your password in a data breach. And enabling two-step verification (also called two-factor authentication) provides an additional layer of protection for your account.
You might not realize it, but your e-mail account is one of the ones you need to protect the most. Think about this: most sites offer a “reset password” function. How do these typically work? They send you an e-mail with a password reset link. Now imagine what an attacker can do if they get access to your e-mail. It becomes clear that safeguarding your e-mail account should be a high priority for everyone.
Other scams to watch out for: Apple, sextortion, and fake invoices
We’ve previously covered a number of scams on The Mac Security Blog, including some that have similarities to this one. Common scams you should beware of include the following:
- Top 10 online scams to beware of: from malvertising to deepfake kidnappings
- How to spot fake Apple security alerts via text, phone, email, or web
- Porn blackmail “sextortion” emails: Has someone hacked you?
- Don’t fall for “iCloud FREE Storage Notice” email scams
- New email scam targets blogs, threatens DMCA takedown claiming illegal image use
- Fake invoice scams: Norton, McAfee, PayPal, and more
- Fake “Geek Squad” emails: Call center scam leverages Intuit QuickBooks servers
Be sure to sign up for our free e-mail newsletter to stay up to date on the latest scams and threats to your security and privacy.
How can I learn more?
To read more about this AI voice scam, see this X post from Garry Tan and deep-dive blog post by Sam Mitrovic.
Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news.