A Gmail phishing scheme that fools even experts: Cyber Security Today for Tuesday, October 15, 2024


Due to a malfunction (in my brain – I can’t blame the technology for my stupidity) the weekend show wasn’t live until Monday, so you may not have received the notice that we would be off for the holiday in Canada.

To get us back on track we’re doing a Tuesday, Thursday and a weekend show this week. Hope it’s not too confusing.

And now, back to the show…

The Wayback Machine is back as the Internet Archive comes back online in read-only mode.

An AI-driven Gmail phishing scheme that defeats even the experts.

And a Canadian company’s quantum computing platform is used in a major step in cracking military-level encryption.

This is Cyber Security Today. I’m your host, Jim Love.

The Internet Archive’s Wayback Machine is back online, but only in read-only mode following last week’s significant data breach. Founder Brewster Kahle announced on social media that the site has returned in a “provisional manner,” cautioning users that further maintenance may require it to go offline again.

The “Save Page Now” feature, which allows users to archive a web page in real-time, remains unavailable. Kahle also asked users to “please be gentle” as the platform regains stability. 

Last week’s breach saw the Internet Archive fall victim to a series of distributed denial-of-service (DDoS) attacks, leading to the exposure of sensitive data for millions of users. The Archive, known for preserving historical versions of websites and digital media, has been struggling to maintain full functionality since then.

In the meantime, a lot of people will be checking Have I Been Pwned to see if they are among the 31 million people whose data was leaked. And of course, because nobody in our listenership uses the same password twice, you’ll be fine, but you may want to remind your friends and colleagues to take appropriate precautions.

Sources include: Mashable (https://mashable.com).

A piece in Forbes detailed two new Gmail phishing schemes that are incredibly sophisticated, that came close to fooling them, and that would certainly fool a large section of average users.

Microsoft solutions consultant Sam Mitrovic recently shared how he narrowly avoided falling for a sophisticated AI-driven scam targeting Gmail users. This scam uses a mix of well-timed notifications and convincing calls that can deceive even experienced tech professionals.

The scam started with a fake Gmail account recovery notification, followed by a missed call purportedly from Google Support. Mitrovic ignored these at first, but a week later, the notifications and calls repeated, this time with a voice from an “American” Google support agent. The caller cleverly used fear tactics by asking if Mitrovic was travelling or had logged in from Germany, which Mitrovic denied. The scammer then claimed that his Gmail account had already been compromised for a week, escalating the urgency and making Mitrovic recall the earlier missed call.

While on the phone, Mitrovic googled the number and found it linked to a legitimate Google business page. This tactic—using numbers associated with Google services—adds a layer of credibility that can easily mislead users into believing the scam is genuine.

Another similar scam reported by Garry Tan, founder of Y Combinator, involved a fake Google support agent claiming a family member was trying to recover his account. The use of Google Forms makes this scam seem legitimate, as the forms have what looks like a genuine Google address.

How are they sustaining such an elaborate scheme? AI.

Mitrovic eventually recognized the scam when he noticed the voice’s spacing and pronunciation were “too perfect,” a sign that it was AI-generated. 

His advice and experience serve as a warning—no matter how convincing the scam, Google will never reach out like this. Always double-check any unexpected support calls or requests and avoid making hasty decisions under pressure.

Now, I’m not the world’s cyber security expert. I have been fooled in the past. Would I have been fooled by this? The giveaway for me is that I’ve tried to solve problems with Google in the past and I wouldn’t believe that any human being is ever going to call me – but what if it was an AI call? Hmmm.

Jokes aside, whether you use Gmail or not, these sophisticated types of attacks are becoming more and more common with AI providing the basis for increasingly sophisticated and convincing attacks.  

I’ve provided a link to the Forbes article and to Mitrovic’s blog if you want to dive a little deeper into this.

Sources include: Forbes (https://www.forbes.com) and Mitrovic’s Blog https://sammitrovic.com/infosec/gmail-account-takeover-super-realistic-ai-scam-call/

Chinese Quantum Computer Hacks Encryption, Threatens Banking and Military Security

Chinese researchers have claimed a major breakthrough in quantum computing by using a Canadian-made D-Wave quantum computer to attack encryption algorithms commonly used in banking and military applications. Notably, the D-Wave Advantage was originally designed for non-cryptographic applications, such as logistics and finance, rather than breaking encryption.

The research, led by Wang Chao of Shanghai University, represents what they call the first quantum-based threat to these widely adopted security systems. The team used the D-Wave Advantage to target algorithms known as Present, Gift-64, and Rectangle—foundational to the Substitution-Permutation Network (SPN) structure, which underpins the Advanced Encryption Standard (AES). While they did not manage to crack specific passcodes, their success signals an early but growing threat to military-grade encryption.

The researchers acknowledged the limitations of the current technology, including environmental challenges and immature hardware. However, their work suggests that advancements in quantum computing could make today’s most secure cryptographic methods vulnerable.

Sources include: SCMP https://scmp.com and the Quantum Insider https://thequantuminsider.com/2024/10/11/chinese-scientists-report-using-quantum-computer-to-hack-military-grade-encryption/

That’s our show for today. 

I’m your host, Jim Love.

To my Canadian listeners, hope you had a great Thanksgiving. And to everyone, thanks for listening.

 
