AN URGENT warning has been issued for over a billion Gmail users amid a “hidden danger” which is stealing passwords – and this is what you need to watch out for.
The new type of attack has been flying under the radar, attacking an eye-watering 1.8 billion Gmail users without them even noticing.
2
Users therefore need to make sure they follow the correct instructions in order to combat the malicious activity.
Thieving hackers are using Google Gemini – the company’s AI built-in tool – to trick users into giving over their credentials.
Cybersecurity experts have found that bad actors are sending emails with concealed instructions that cause Gemini to generate fake phishing warnings.
These tricks users into sharing personal account information, or visiting malicious websites.
The emails are usually constructed in a manner which makes them appear urgent – and occasionally from a business.
Shady hackers will craft these emails by setting the font size to zero and the text colour to white – before inserting prompts invisible to users but picked up by Gemini.
GenAI bounty manager Marco Figueroa demonstrated how such a dangerous prompt could falsely alert users that their email account has been compromised.
These warnings would urge victims to call a fake “Google support” phone number provided, in order to resolve the issue.
To fight these prompt injection attacks, experts have made a number of recommendations that users should act on immediately.
They firstly suggested that companies configure email clients to detect and neutralise hidden content in message bodies.
This should help counter hackers sending invisible text within emails.
Security experts also recommended that users implement post-processing filters to scan inboxes for suspicious elements like “urgent messages”, URLs, or phone numbers.
This action could bolster defences against threats.
The scam was brought to light after research, spearheaded by Mozilla’s 0Din security team, showed proof of one of the hostile attacks last week.
The report showed how hackers tricked Gemini into showing a fake security alert.
It warned users their password had been stolen – but the message was fake and designed to steal their info.
The trick works by hiding a secret size zero font prompt in white text that matches the email background.
So when someone clicks “summarise this email” using Gemini, the tool reads the hidden message – not just the visible bit.
This form of manipulation is named “indirect prompt injection”, and it takes advantage of AI’s inability to differentiate between a user’s question and a hacker’s embedded message.
AI cannot tell the difference, as both messages look like text, and it will usually follow whichever comes first – even if it is malicious.
As Google have failed to patch this method of scamming victims, the door is still open for hackers to exploit this technique.
Sneaking in commands that the AI may follow will be an effective method of leaking sensitive data until users are properly protected against the threat.
AI is also incorporated into Google Docs, Calendar, and outside apps – widening the scope of the potential risk.
Google has reminded users amid this scamming crisis that it does not issue security alerts through Gemini summaries.
So if a summary tells you that your password is at risk, or prompts you with a link to click – users should always treat it as suspicious and delete the email.
2
