Attackers hide prompts in emails using zero-size, white-colored text to manipulate Gemini into showing fake phishing alerts.
Users are tricked into calling fake support numbers via Gemini-generated warnings, risking exposure of sensitive data.
Experts urge use of email filters and staff training; Google says it’s actively strengthening defences against prompt injection threats.
Security experts have discovered a new Gmail scam that exploits Gemini to steal users’ data. The AI tool, which integrates directly into Gmail via a vertical sidebar, assists users by summarising emails, creating calendar entries and more. However, new research has discovered that cyber attackers can exploit Gemini through “prompt injection.” According to Cybersecurity expert Marco Figueroa, attackers are using hidden prompts to trick Gemini into generating fake phishing alerts.
Notably, around 1.8 billion users have been weaned of this scam. Here’s how this new Google Gemini scam works and how you can stay safe.
SurveyHow Gmail’s Gemini scam works?
As reported, cybercriminals are sending hidden prompts using HTML and CSS within emails that appear to be from trusted sources. These hidden prompts reportedly come with zero font size and are white in colour to stay invisible to users. As the user opens the email and asks Gemini to summarise it, the AI tool is tricked into executing the hidden prompt.
Cybersecurity expert Marco Figueroa shared that a hidden prompt instructs Gemini to display a warning claiming the recipient’s Gmail account has been compromised. It then prompts the user to call a fraudulent customer support number, providing scammers with direct access to sensitive account details.
How to stay safe?
To stay safe from such attacks, experts recommend that Google introduce filters that remove or neutralise hidden content within emails. They also suggest using post-processing tools to flag suspicious summaries and ask users not to rely on AI-generated alerts for security decisions.
Meanwhile, TechRadar has quoted a Google spokesperson as saying, “We are constantly hardening our already robust defences through red-teaming exercises that train our models to defend against these types of adversarial attacks.” The company has also published a blog detailing its current countermeasures against prompt injection threats.
Follow Us
Himani Jha
Himani Jha is a tech news writer at Digit. Passionate about smartphones and consumer technology, she has contributed to leading publications such as Times Network, Gadgets 360, and Hindustan Times Tech for the past five years. When not immersed in gadgets, she enjoys exploring the vibrant culinary scene, discovering new cafes and restaurants, and indulging in her love for fine literature and timeless music. View Full Profile
