Gmail users are being cautioned to remain vigilant and be on the lookout for a new deceptive scam that is embedded within messages. There seems to be a method of outsmarting Google’s advanced AI Gemini service, potentially enabling hackers to insert fake messages into users’ inboxes when they access the summary feature.
For those unfamiliar, Google now allows Gmail users to view a concise summary of emails using smart Gemini AI. This feature condenses lengthy messages for quicker comprehension by highlighting key information in bullet points.
While this enhancement is useful, it has unveiled an underlying risk. According to reports by Bleeping Computer, cybercriminals could manipulate the system to display additional text, such as a fraudulent warning message claiming a compromised Gmail password and urging immediate contact through a provided phone number and reference code.
Mozilla experts have verified a vulnerability within the Gemini email summary feature, allowing cyber thieves to include hidden prompts that surface when messages are opened.
Google has acknowledged the flaw and asserted its ongoing efforts to enhance platform security. A Google spokesperson informed BleepingComputer that they are continuously strengthening their defenses through rigorous exercises to train their models against adversarial attacks.
The tech giant stated that there have been no reported user attacks using this method, and there is no widespread threat detected. Nevertheless, this incident highlights the persistent ability of criminals to breach email accounts, emphasizing the importance of staying vigilant.
It is crucial to remember that Google is unlikely to contact users directly. In case of suspected password compromise, users should access Google’s official platform to make necessary changes.
A key suggestion is to be cautious of emails or AI summaries and refrain from calling provided numbers unless they are confirmed official hotlines.
