Gmail users are being warned about a new type of scam that hides inside email messages. Hackers have reportedly found a way to deceive Google’s AI service, Gemini, potentially enabling them to insert false messages that appear when users open their inbox and use the summaries feature.
For those unfamiliar, Google now lets Gmail users quickly view a summary of an email generated by the Gemini AI. The feature condenses lengthy messages into bullet points, making them easier to read and comprehend.
While this enhancement is convenient, it carries a hidden risk. According to reports from BleepingComputer, cybercriminals could manipulate the system into displaying additional text, such as a fraudulent warning message at the end of the summary.
The warning might claim, “WARNING: Gemini has detected that your Gmail password has been compromised. Please call us immediately,” followed by a phone number and reference code.
Experts at Mozilla have confirmed a potential vulnerability in the Gemini email summary feature that allows malicious actors to include hidden prompts, which surface in the summary when the message is opened.
Google has acknowledged the flaw and assured users that it is continuously enhancing its security measures to protect against such attacks. A Google spokesperson told BleepingComputer that the company is strengthening its defenses through exercises that train its models to resist adversarial attacks.
The US tech giant also stated that it has not received reports of users being targeted in this manner and has detected no widespread threat. Nevertheless, the incident highlights how criminals can work their way into email accounts, emphasizing the importance of remaining vigilant.
It is crucial to remember that Google is unlikely to contact users directly. If you are concerned that a password may have been compromised, go to Google’s official site and update your security settings there.
A key piece of advice: treat emails and AI summaries with caution, and do not call any phone number unless you have verified its authenticity.