Gmail users are being cautioned to remain vigilant against a new deceptive scam hidden within messages. It appears that a method exists to deceive Google's Gemini AI service, potentially enabling hackers to insert counterfeit messages when users access their inbox and activate the summaries feature.
For the uninitiated, Google now offers Gmail users the ability to view a brief summary of an email through the intelligent Gemini AI. This feature condenses lengthy messages into quick, digestible bullet points for easier comprehension.
While this enhancement is convenient, it appears to harbor a concealed risk. According to reports from BleepingComputer, cybercriminals could manipulate this system to display extra text in the summary, such as a warning message claiming that the user's Gmail password has been compromised.
Experts at Mozilla have confirmed a potential vulnerability within the Gemini email summary feature, allowing cyber thieves to insert hidden prompts that surface upon opening messages.
Google has acknowledged the flaw and asserts its ongoing commitment to fortifying its platform's security. A Google spokesperson informed BleepingComputer that the company is continuously strengthening its defenses through red-team exercises to train its models against such adversarial attacks.
The US tech giant stated that it is not aware of any instances where users have been targeted in this manner and has not detected any widespread threat. Nonetheless, this incident underscores the persistence of criminals in finding ways to breach email accounts, emphasizing the importance of remaining vigilant.
It is important to note that Google is unlikely to contact users directly. If there are suspicions of a compromised password, users should promptly access Google’s official platform to take corrective measures.
A crucial tip is to exercise caution: do not trust emails or AI summaries blindly, and avoid calling any number they provide unless it has been verified as an official hotline.