Cybercriminals Reportedly Exploited Google’s G.Co Subdomain and Spoofed Caller ID in AI-Driven Phishing Attack on Hack Club Founder

February 20, 2025

Google's G.Co subdomain was reportedly exploited in a sophisticated AI-driven phishing attack targeting Hack Club founder, Zach Latta. The cybercriminals allegedly spoofed a legitimate Google Assistant number and used voice cloning to impersonate support staff, claiming unusual login activity from Frankfurt. They reinforced the deception by sending a real email from Google's Workspace domain. The attack was thwarted when inconsistencies raised Latta's suspicions, highlighting the importance of safe and secure AI practices. For those interested in shaping responsible AI governance and enhancing AI incident management through Project Cerebellum, JOIN US.

Learn more about how this incident maps to HISPI Project Cerebellum TAIM (Govern) as we work towards improving harm prevention and establishing guardrails for AI.

Alleged deployer

voice-phishers, scammers-impersonating-google-staff, unknown-scammers

Alleged developer

unknown-voice-cloning-technology

Alleged harmed parties

zach-latta, google-users

Data source

Incident data is from the AI Incident Database (AIID).

When citing the database as a whole, please use:

McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.

Pre-print on arXiv · Database snapshots & citation guide

We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.

Cybercriminals Reportedly Exploited Google’s G.Co Subdomain and Spoofed Caller ID in AI-Driven Phishing Attack on Hack Club Founder

Matched TAIM controls