If you’re a Gmail user, there’s an important alert you shouldn’t ignore. Cybercriminals have found a new way to exploit Google’s AI tool, Gemini, to steal user passwords—making it crucial for users to stay vigilant online.
What’s happening?
According to cybersecurity expert Marco Figueroa, scammers are using “prompt injection” attacks to manipulate Gemini, which is now built directly into Gmail. Gemini helps users summarize emails, schedule meetings, and more, but hackers have discovered a way to exploit it using hidden commands embedded in HTML emails.
These hidden prompts are cleverly masked in white text and set to a zero font size—making them invisible to the human eye. When a user asks Gemini to summarize such an email, the tool unknowingly responds to the malicious prompt, which can lead to phishing scams.
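The concealment described above (white text, zero font size) is something a mail gateway or a pre-summarization filter can check for mechanically. The following Python script is an added example written for this article; it is not Google's code and not part of Gmail or Gemini. It parses an HTML email body with the standard library, records which text fragments a human reader would never see, and returns only the visible text for onward processing. The sample email, the rule names and the `scan_email_html` function are all constructed for the example.

```python
"""Flag hidden text in an HTML email body before it reaches an AI summarizer.

Added example for this article (not Google's code). It looks for the
concealment tricks the article describes (white text, zero font size) plus a
few related inline-CSS patterns, reports the hidden fragments so a mail filter
can quarantine or annotate the message, and hands back only the visible text.
"""
import re
from html.parser import HTMLParser

# Inline-style patterns that make text invisible to a human reader.
# The leading lookbehind on "color" avoids matching "background-color".
HIDING_RULES = {
    "zero_font": re.compile(
        r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|$)", re.I),
    "white_text": re.compile(
        r"(?<![-\w])color\s*:\s*(?:#(?:fff|ffffff)\b|white\b"
        r"|rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))", re.I),
    "display_none": re.compile(r"display\s*:\s*none", re.I),
    "visibility_hidden": re.compile(r"visibility\s*:\s*hidden", re.I),
    "zero_opacity": re.compile(r"opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)", re.I),
}

# Elements that never carry a closing tag; they must not stay on the stack.
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base",
             "col", "embed", "source", "track", "wbr"}


class HiddenTextScanner(HTMLParser):
    """Tracks which hiding rules apply to each open element and sorts text."""

    def __init__(self):
        super().__init__()
        self._stack = []   # (tag, set of hiding rules inherited from ancestors)
        self.visible = []  # text a human reader sees
        self.hidden = []   # (sorted rule names, text) for concealed fragments

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        rules = {name for name, rx in HIDING_RULES.items() if rx.search(style)}
        if tag in ("style", "script"):
            rules.add("non_rendered")  # CSS/JS bodies are never displayed
        inherited = self._stack[-1][1] if self._stack else set()
        self._stack.append((tag, inherited | rules))

    def handle_endtag(self, tag):
        # Pop to the nearest matching open tag; ignore stray closing tags.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                return

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text:
            return
        active = self._stack[-1][1] if self._stack else set()
        if "non_rendered" in active:
            return  # raw CSS/JS is neither visible text nor a hidden prompt
        if active:
            self.hidden.append((sorted(active), text))
        else:
            self.visible.append(text)


def scan_email_html(html):
    """Return visible text, hidden fragments, and a suspicious flag."""
    parser = HiddenTextScanner()
    parser.feed(html)
    parser.close()
    return {
        "visible_text": " ".join(parser.visible),
        "hidden": parser.hidden,
        "suspicious": bool(parser.hidden),
    }


# Constructed sample message: the hidden span stands in for an instruction
# aimed at the summarizer; it is placeholder text, not a real payload.
SAMPLE_EMAIL = """<html><body>
<p>Hi, please find the quarterly report attached.</p>
<span style="font-size:0px; color:#ffffff;">SUMMARIZER-TEST placeholder text a
human reader would never see</span>
<p>Regards,<br>Accounting</p>
</body></html>"""

if __name__ == "__main__":
    result = scan_email_html(SAMPLE_EMAIL)
    print("suspicious:", result["suspicious"])
    for rules, text in result["hidden"]:
        print("hidden via", ", ".join(rules), "->", text)
    print("visible:", result["visible_text"])
```

A filter built this way has two uses: the `suspicious` flag and the list of matched rules give a reason to quarantine or label the message, and `visible_text` is what should be handed to a summarizer so that it only reads what the human recipient reads. The rule list is deliberately small; a production filter would also evaluate `<style>` blocks and class-based CSS, since inline styles are only the simplest form of concealment.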
How the scam works:
Attackers send emails that appear legitimate but contain concealed instructions for Gemini. When Gemini processes the email, it may generate a fake warning that says the recipient’s Gmail account has been compromised. The user is then urged to contact a bogus customer support number, which scammers use to extract personal data or account credentials.
Figueroa warns that even though around 1.8 billion users have been protected so far, the threat remains serious and evolving.
How to protect yourself:
- Never click on suspicious or unfamiliar links.
- Double-check the website address – the official Gmail URL is https://mail.google.com.
- Report any suspicious emails to Google immediately.
- Change your Gmail password regularly.
- Enable two-factor authentication to add an extra layer of security.
Your awareness is your best defense. For more updates on tech security and AI-related news, visit PassionateGeekz.com.