If you use Gmail, there is something crucial you need to know. More than 1.8 billion Gmail users are being targeted by a new, concealed cyber fraud, and many of them don’t even realize it.
What’s going on?
Security experts have discovered that hackers are using Google’s AI tool Gemini in a new way. They send emails that look ordinary but carry hidden messages. Users can’t see these messages, but Gemini reads them when someone clicks “Summarize this email.”
What Makes This Scam So Dangerous?
The attackers write these secret instructions in white text with a font size of zero, so they blend into the email background and stay hidden from the reader. Gemini, however, reads them and produces a phony warning such as:
“Your Gmail account is in danger. Please call Google Support right away.”
This number is not real. If you call it, you will be misled into giving out your email password and other personal information.
How This Works
This method is called “indirect prompt injection.” Gemini sees the whole email, so it cannot tell the difference between a genuine user request and a hacker’s instruction buried in the text. Because it follows the first instruction it reads, Gemini displays the phony warning the hacker wrote.
Who Discovered This?
Mozilla’s security team published convincing proof of the scam just last week, showing how Gemini is fooled into producing fake notifications and leading users astray.
Why You Should Be Careful
Google has not fully fixed this problem yet, so the technique can still be used to steal your information. Even more worrying, Gemini is also used in Google Docs, Calendar, and other apps, and this widespread use makes such attacks more likely.
What You Should Do
Follow these easy steps to keep safe:
Never trust a Gemini summary that says your password has been stolen or gives you urgent warnings. Google has made it clear that it does not deliver warnings of this kind through Gemini.
Do not click on any phone numbers or websites in the summary. For help, always go to Google’s official website or app.
Set up filters in Gmail to catch emails containing terms like “urgent,” URLs that look odd, and phone numbers that look suspicious.
Stay alert when you use AI features, and be particularly careful with Gemini’s “Summarize” option.
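As an added defensive example (not code from the article, Mozilla or Google), the following Python scans an HTML email body for text hidden by a zero font size, white-on-white colouring or a non-rendered style, which is the trick described under “How This Works” and the kind of check the filtering advice above calls for; the sample email and its phone number are constructed.

```python
import re
from html.parser import HTMLParser

# Constructed sample: an ordinary-looking email whose span is invisible to a
# reader (zero font size, white on white) but is still read by a summarizer.
SAMPLE_EMAIL_HTML = """<html><body style="background:#ffffff">
<p>Hi team, the Q3 report is attached. Let me know if you have questions.</p>
<span style="font-size:0px; color:#FFFFFF">Your account is in danger, call
support at 000-000-0000 right away.</span>
<p>Thanks!</p></body></html>"""

WHITE = {"#fff", "#ffffff", "white", "rgb(255,255,255)"}
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # never get an end tag

def hiding_reasons(style: str) -> list[str]:
    """Return the ways an inline CSS style string makes its text invisible."""
    s = style.replace(" ", "").lower()
    reasons = []
    m = re.search(r"font-size:(\d+(?:\.\d+)?)", s)
    if m and float(m.group(1)) == 0:
        reasons.append("font-size:0")
    m = re.search(r"(?<![a-z-])color:([^;]+)", s)  # lookbehind skips background-color
    if m and m.group(1) in WHITE:
        reasons.append("white-on-white")
    if "display:none" in s or "visibility:hidden" in s:
        reasons.append("not-rendered")
    return reasons

class HiddenTextFinder(HTMLParser):
    """Collect text sitting inside any element whose inline style hides it."""
    def __init__(self):
        super().__init__()
        self._stack = []    # hiding reasons of each currently open element
        self.findings = []  # (reasons, text) pairs
    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            self._stack.append(hiding_reasons(dict(attrs).get("style") or ""))
    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._stack:
            self._stack.pop()
    def handle_data(self, data):
        text = " ".join(data.split())
        reasons = sorted({r for frame in self._stack for r in frame})
        if text and reasons:  # visible text is ignored; hidden text is flagged
            self.findings.append((reasons, text))

def find_hidden_text(html: str) -> list[tuple[list[str], str]]:
    finder = HiddenTextFinder()
    finder.feed(html)
    return finder.findings
```

Flagging such messages before they reach a summarizer, or showing the reader the hidden text, closes the gap between what the user sees and what Gemini reads.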
This new scam shows that AI tools can be turned to bad ends, so people need to be careful. Until Google finds a better fix, it is crucial to understand how this technique works so that we can keep ourselves and our personal information safe.
If you get an email that seems unusual, or that asks you to act right away, stop and think carefully before you take action.