Gmail users are being cautioned to remain vigilant and be wary of a new form of scam that is embedded within messages. It seems that there is a method of deceiving Google’s intelligent AI Gemini service, potentially enabling hackers to insert fake messages into users’ inboxes when they access them and opt for the useful summaries feature.
In case you are not familiar, Google now allows Gmail users to view a brief summary of an email using the smart Gemini AI. Essentially, this feature condenses lengthy messages into bullet points for quicker comprehension.
While this is a convenient enhancement, it has revealed an underlying risk.
According to reports by Bleeping Computer, cybercriminals can manipulate this system to display extra text, such as a warning message placed at the end of the summary.
The warning reads, “WARNING: Gemini has detected that your Gmail password has been compromised. Please call us immediately,” followed by a phone number and reference code.
Experts at Mozilla have also verified a potential vulnerability in the Gemini email summary feature, allowing cyber thieves to add hidden prompts that surface when messages are opened.
Google has responded to this flaw, stating that it is continuously enhancing its security measures to protect its platform.
A Google spokesperson informed BleepingComputer, “We are continuously fortifying our already strong defenses through red-teaming exercises to train our models against such adversarial attacks.”
The US tech giant asserts that there have been no reported attacks on users in this manner, and there is no indication of a widespread threat.
Nevertheless, this serves as a reminder that criminals can still breach email accounts, emphasizing the need for users to remain vigilant.
It is crucial to remember that Google is unlikely to contact users directly. If you suspect a compromise of your password, it is advisable to access Google’s official platform to make necessary changes.
A key tip is to exercise caution and refrain from trusting emails or AI summaries blindly, and avoid calling any numbers unless their legitimacy as an official hotline is confirmed.
At Reach and its affiliated entities, we and our partners utilize device identifiers and cookies to enhance user experience, analyze site usage, and display personalized ads. Users can opt out of data sharing/selling by clicking the respective button on the webpage. By using our services, you agree to our cookie usage, Privacy Notice, and Terms and Conditions.