Cyber attacks are on the rise, and Gmail is the latest hunting ground. Year after year, AI grows larger and more complex. Now hackers are utilising the latest in AI technology to improve their attacks and worm their way past cyber security defences.
So, with attacks becoming more and more frequent, how can you stay protected against a threat that never seems to stop? Let’s take a look at how hackers managed to use AI to their advantage, and the steps you can take to not fall victim to the same tricks.
Why are Gmail users being targeted?
The short answer is the sheer amount of potential victims. Cyber criminals aren’t fussy about who they target, whether it’s a business or members of the public. This also means that businesses of all sizes are in danger, from your local post office to giant multi-office enterprises. Gmail was simply a 2.5 billion user pond for the hungry phishing emails.
When we look at the numbers, a staggering 80% of organisations are under constant threat of phishing. SMBs may feel that hacking is more of an enterprise problem, however, any sort of online presence, even as simple as having a Facebook page or advertising your email, puts a target on your back. Enterprises on the other hand, could have thousands of potential weak points, as just one employee mistake can lead to catastrophic damage.
If the Gmail security threat has outlined anything, it’s the need to stay ahead of the latest cyber security risks.
How cybercriminals exploited AI
AI is losing that ‘uncanny valley’ feel it had to it only a couple of years ago. In fact, one of the Gmail victims described the AI as “the most sophisticated phishing attack I’ve ever seen.” They also went into detail about the AI, how the connection was pristine and the ‘agent’ spoke clearly. Another recipient of the scam email explained how they were called directly after rejecting the email and asked if they were travelling the country and whether they had logged in from Germany.
This level of detail and realism widens their pool of potential victims. Gone are the days of the computer illiterate falling for cyber attacks. Now, with this level of sophistication, anyone is fair game. It doesn’t just stop at AI. Paired with realistic Google forms, the email, phone call, and form combo has sparked serious security concerns.
“We’ve suspended the account behind this scam,” a Gmail spokesperson said, “we have not seen evidence that this is a wide-scale tactic, but we are hardening our defences against abusers leveraging g.co references at sign-up to further protect users.”
The devastating impact of the Gmail AI hack
With 2.5 billion potential victims dangling in front of them, it’s no surprise that hackers are targeting Gmail with increasingly sophisticated attacks. When we look at the impact of AI phishing, the victims fall into three categories.
The first group we have to look at are the users. This latest cyber security scare highlights just how realistic these new AI phishing attempts can be. The level of sophistication goes past just an email. They have an automated system with notifications spanning multiple weeks that backs up the AI phone operator’s claims that someone has successfully logged into their account.
The second group are the businesses that use Gmail as their primary email platform. The potential financial damages for falling victim to a phishing email can be catastrophic, and the more employees without sufficient cyber security training, the more holes in your cyber security.
The third victim is Gmail itself. 2.5 billion users make them a goldmine for hackers, which means their cyber security defences need to be second to none. Also, when it comes to public perception, 66% of consumers would not trust a company that fell victim to a cyber security hack.
How AI is changing the landscape of online attacks
AI is fast becoming a game-changer across art, literature, and unfortunately, hacking. AI tools are not only convincing, but they’re also easily accessible to anyone with internet access. This means that these types of AI attacks are only going to grow in popularity.
Tips and tricks that work now, such as listening for a mechanical edge in the AI’s voice and focusing on eye movements for deepfake videos, may not work in a couple of years as the technology improves. The overarching advice then, is to continually update yourself and your team on the latest AI trends and tools to keep your business protected.
AI-generated phishing emails
Back in the day, typos were one of the tell-tale signs of a phishing email. Unfortunately, with AI double-checking their work, typos are now a thing of the past. With AI they can simply input the instruction: “Create an email notifying Gmail users that their account has been hacked” and boom. A perfectly crafted, and professional-sounding, email.
Deepfake cybercrime
Deepfakes are essentially AI puppets that use someone’s likeness, whether it’s their voice, face, or both, to trick potential victims into handing over sensitive information. They can masquerade as anyone, but there are subtle signs to tell the difference between a fake and the genuine article, which include: a blurred edge around the person, mismatched mouth movements and audio, as well as incorrect inclinations on audio scams.
AI-powered malware and automated hacking
It’s easy to picture hacking as a man furiously typing away on a keyboard, breaking past firewall after firewall, but the reality is much different. AI-powered malware is adept at identifying vulnerabilities: It can analyse data to find weak passwords, vulnerable ports, and services. All this can also be part of an automated process, which means your email simply needs to be added to a list, and then the AI runs the scam for them.
How to strengthen your defences against AI-driven threats
Fear not, it’s not all doom and gloom. The good news is technology is evolving on both sides. This means that cyber security tools are developing just as quickly as AI, and there are several ways to keep your personal and business data protected against emerging threats.
Let’s take a look at the latest cyber security tools, from advanced email security and zero-trust architecture, to implementing AI to fight back against their hacker counterparts. As over 50% of businesses are reported to experience some kind of cyber attack, it’s important to arm yourself against hackers.
AI vs. AI
We’ve talked about how AI is growing more popular for phishing scams, but cyber security tools are also making use of AI technology. Advanced threat detection can flag emails that look suspicious. Vulnerability management can scan your systems for any weak points, and with lightning-fast incident reports, when something does go wrong, your AI systems are already on the case.
Zero-trust security
Zero-trust security essentially means that your IT systems trust no one by default. Employees are required to verify their ID whenever they try to access the private network. This extra layer of security prevents data breaches, limits internal lateral movement, and helps organisations contain breaches by preventing hackers from seeing resources they are not authorised to use.
Employee training & awareness
Employee training & awareness is more important than any cyber security tool. All the latest cyber security tools are useless if an employee clicks on a suspicious link. This is why it’s essential to foster a culture of awareness, especially when new AI threats are emerging, what feels like monthly.
Protect your business against the latest AI threats
We’ve only scratched the surface of the cyber security trends and threats that are popping up in 2025. Never fear, our expert team are standing by to help your business stay protected against the latest threats. Let’s work together to train your team about AI, deepfakes and how to spot potential phishing emails.
