Gmail users are being cautioned to remain vigilant against a new type of scam embedded in messages. Hackers have found a loophole in Google’s advanced AI service, Gemini, enabling them to insert fake messages into inboxes when users access the summary feature.
Google now offers Gmail users the ability to view a concise summary of emails generated by its Gemini AI. This feature condenses lengthy messages into bullet points for quicker comprehension.
However, this enhancement comes with an undisclosed risk. Cybercriminals can manipulate the system to display additional text, such as false warnings, within the email summary. For example, a scam message might claim that the user’s Gmail password has been compromised and urge them to call a specified number immediately.
Security experts at Mozilla have verified a potential vulnerability in the Gemini email summary feature, allowing malicious actors to add hidden prompts that appear when messages are opened.
Google has responded to the flaw, assuring users that it is continuously enhancing security measures to protect against such attacks. The tech giant stated that it has not detected any instances of users being targeted in this manner and does not perceive a widespread threat.
Nevertheless, this incident underscores the persistence of cybercriminals in infiltrating email accounts and the importance of remaining cautious. Users are advised that Google is unlikely to initiate contact via email. Anyone who suspects a password compromise should go to Google's official platform to make the necessary changes.
A crucial tip is to exercise skepticism towards emails or AI summaries and avoid calling any provided numbers unless they are verified as official hotlines.