Gmail users are being cautioned to remain vigilant against a new deceptive scam tactic embedded within email messages. It seems that malevolent actors have found a way to outsmart Google’s intelligent Gemini service, allowing them to insert fraudulent messages into inboxes when users access the convenient summaries feature.
For those unfamiliar, Google now offers Gmail users the ability to quickly view email summaries using advanced Gemini AI. This feature condenses lengthy messages into easily digestible bullet points for efficient reading.
While this enhancement is beneficial, it also harbors a hidden risk. According to reports by cybersecurity experts, hackers could manipulate the system to display unauthorized text, such as false alerts or warnings within the email summaries.
One example showcased how cybercriminals could include a message like, “WARNING: Gemini has detected that your Gmail password has been compromised. Please call us immediately,” followed by a phone number and reference code.
Security analysts at Mozilla have verified a potential vulnerability in the Gemini email summary function, enabling cyber thieves to incorporate covert prompts that become visible when emails are opened.
In response to this flaw, Google stated that it is continuously enhancing its security measures to safeguard its platform. A Google spokesperson reassured that ongoing efforts, including rigorous red-teaming exercises, are being undertaken to fortify defenses against adversarial attacks.
The technology behemoth affirmed that there have been no reported instances of users falling victim to this exploit, indicating no widespread threat. However, this incident underscores the persistence of criminals finding ways to breach email systems, emphasizing the importance of remaining cautious.
Users are advised to remember that Google is unlikely to initiate contact via email. If there are concerns about compromised passwords, it is recommended to directly access Google’s official platform to address security issues.
A crucial tip is to exercise skepticism towards emails and AI summaries, and refrain from calling any numbers unless their legitimacy as official hotlines is verified.