A new scam targeting Gmail users has emerged, prompting a warning to remain vigilant. Hackers have found a way to manipulate Google’s AI service, Gemini, to insert fake messages into users’ inboxes, particularly when users rely on the email summary feature.
Google now offers Gmail users the ability to view a condensed version of emails through smart Gemini AI, streamlining the reading process by presenting key points as bullet points.
However, this enhancement appears to come with risks. Cybercriminals can exploit the system to display additional text within the summary, such as a deceptive warning message claiming that the user’s Gmail password has been compromised, along with a phone number and reference code for users to call.
Security experts at Mozilla have confirmed a potential vulnerability in the Gemini email summary feature, enabling hackers to insert hidden prompts that become visible when emails are opened.
Google has acknowledged the flaw and assured users of ongoing efforts to enhance platform security. A Google spokesperson stated that they are continuously strengthening their defense mechanisms through rigorous exercises to combat adversarial attacks.
While Google has not reported any user attacks related to this vulnerability and does not perceive a widespread threat, the incident underscores the persistent risk of email infiltration by cybercriminals and the need for heightened awareness.
Users are advised to exercise caution, to refrain from trusting unsolicited emails or AI summaries, and to verify the legitimacy of contact details before taking any action. It is recommended to proactively secure accounts by changing passwords through official platforms in case of suspected compromise.