Did you get an unexpected alert from Google asking “Is it you trying to recover your account?” Or did you receive a phone call that seems to be from a Google call center, claiming there’s “suspicious activity”? You might be the target of an AI-powered account takeover scam.
It’s hard to believe that we’re at the point where hackers use AI voice bots to social-engineer people and hack into accounts. And yet, here we are.
Let’s break down the scam and how it works. Here’s what you should do now to avoid having your Google or Gmail account hacked.
You may have a Google app installed on your phone, such as Gmail. If so, and if someone tries to hack into your Google account, you may get an alert delivered via a push notification, similar to the following:
Is it you trying to recover your account?
[your Google avatar and Gmail address]
Device
Google Support: [alleged support rep’s name]
Near
California, USA [or any other location]
Time
Just now
(No, don’t allow) (Yes, it’s me)
No matter what the “Device” line says in the alert you received, the source device is definitely not a Google Support representative trying to recover access to your account for you. It’s always an attacker trying to break into your account (again, unless you personally tried to recover your account at that exact moment).
If you ever get an alert similar to this when you aren’t expecting it, always click on the “
(Note that the push notification will be from the Google or Gmail app itself, not from an e-mail. If you see something like the above in the body of an e-mail message, don’t click on anything.)
In this particular scam, you might also get a follow-up telephone call. It might even look like it comes from a Google phone number—but scammers can easily spoof this.
And it might sound like a real person—in theory, it might be. But in recent attacks, hackers have been deploying artificial intelligence bots with realistic-sounding voices instead. Because they’re powered by AI, they can plausibly respond to your questions or concerns.
Often, call recipients are skeptical. During the call, the bot may send an e-mail to your Gmail account that, at first glance, might appear legitimate. It may even appear to be sent from an “@google.com” address; again, this is spoofable. It might be sent to, or CCed to, an address at “internalcasetracking(.)com”—a domain that was registered three months ago, and doesn’t belong to Google.
Typically, the body of the e-mail refers to an “Agent” followed by the name the bot gave you. It often claims, “Your Case #[8-digit number] for Google Workspace has been updated.” The e-mail often signs off with “Thank you for your cooperation” followed by “Best regards, Google Account Security Team.”
This e-mail doesn’t actually come from Google—even if it looks like it might. In reality, it’s a scam. If you get such a message, please use the “Report phishing” option in Gmail.
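The indicators described above can be checked mechanically against a saved copy of the message. The following Python sketch is an added example, not code from the original article or from Google; the sample message, its addresses and the function names are constructed for illustration, and the `dmarc=pass` check goes beyond the article by assuming the receiving mail server stamps an Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Indicators taken from the article's description of the scam e-mail.
CC_DOMAIN = "internalcasetracking.com"   # written defanged in the article
CASE_RE = re.compile(r"Your Case #\d{8} for Google Workspace has been updated")
SIGNOFF = "Google Account Security Team"

def domains(msg, *headers):
    """Lower-cased address domains found in the given headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(values) if "@" in addr}

def dmarc_pass(msg):
    """Assumption: the receiving server stamps Authentication-Results (RFC 8601)."""
    return any(re.search(r"\bdmarc=pass\b", v, re.I)
               for v in msg.get_all("Authentication-Results", []))

def triage(raw):
    """Return the list of indicators that match a raw RFC 5322 message."""
    msg = message_from_string(raw)
    # Text of all leaf parts; transfer-encoded parts are not decoded here.
    body = "\n".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    hits = []
    if "google.com" in domains(msg, "From") and not dmarc_pass(msg):
        hits.append("google.com sender without dmarc=pass")
    if CC_DOMAIN in domains(msg, "To", "Cc"):
        hits.append("recipient at " + CC_DOMAIN.replace(".", "(.)"))
    if CASE_RE.search(body):
        hits.append("case-update wording")
    if SIGNOFF in body:
        hits.append("security-team sign-off")
    return hits

# Constructed sample message (not a real capture).
SAMPLE = """\
From: Google Support <support@google.com>
To: user@example.com
Cc: case@internalcasetracking.com
Authentication-Results: mx.example.net; spf=softfail; dmarc=fail

Your Case #12345678 for Google Workspace has been updated.
Thank you for your cooperation
Best regards, Google Account Security Team
"""

if __name__ == "__main__":
    print("\n".join("FLAG: " + h for h in triage(SAMPLE)))
```

Only an Authentication-Results header added by your own receiving server should be trusted, since a sender can include a forged one.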
If you get an “Is it you…?” alert like the one above, it’s critically important to first say “
Changing your password to something long, complex, and unique (never used elsewhere) is crucial to ensure that someone can’t find your password in a data breach. And enabling two-step verification (also called two-factor authentication) provides an additional layer of protection for your account.
You might not realize it, but your e-mail account is one of the ones you need to protect the most. Think about this: most sites offer a “reset password” function. How do these typically work? They send you an e-mail with a password reset link. Now imagine what an attacker can do if they get access to your e-mail. It becomes clear that safeguarding your e-mail account should be a high priority for everyone.
We’ve previously covered a number of scams on The Mac Security Blog, including some that have similarities to this one. Common scams you should beware of include the following:
Be sure to sign up for our free e-mail newsletter to stay up to date on the latest scams and threats to your security and privacy.
To read more about this AI voice scam, see this X post from Garry Tan and deep-dive blog post by Sam Mitrovic.