Urgent warning issued to 1.8bn Gmail users
A new Google scam is making its rounds, and it’s so crafty you may not realise it's happening to you. Using Google’s AI, Google Gemini, scammers are using the AI built-in tool in Gmail and Workspace to trick people into handing over their information, So, what do you need to know? (Picture: Getty)
What is Google Gemini?
Gemini is an AI-powered chatbot assistant which was introduced into its workplace suite of productivity apps in February 2024, and one of the things it can do is summarise incoming emails. It can also answer questions, generate creative text formats, translate languages, write code and even generate images (Picture: Getty)
What is the scam?
One feature of Google Gemini is that when a person receives an email, they can bring up a vertical pane on the right-hand side of the screen, where they can ask for assistance in bringing up vital information, adding calendar entries and more. However, this is where Google Gemini can be exploited. Experts say that this opens up the Gmail accounts for ‘prompt injection’ attacks, so if an email has a hidden prompt for Gemini, it can be executed in the pane (Picture: Getty)
Experts have found that scammers are sending emails with hidden instructions which prompt Gemini to generate fake phishing warnings, and trick users into sharing their account password or visiting malicious sites. The emails look like they are from a business, and often look urgent. However, in them, they have added in prompts which are written in white with the font size of one, the victim will not be able to see it but Gemini will act on it (Picture: Getty)
Then, the prompt could falsely alert users their email account has been compromised, and would urge them to call a fake Google number to resolve the issue. And that’s how the scammers could get your account details. So how can you counter prompt injection attacks? (Picture: Getty)
What should people do?
Experts recommend that companies should make sure their email clients remove, neutralise or ignore content styled to be hidden in the body text. They could also include a post-processing filter that scans the inbox for ‘urgent messages’, URLs, or phone numbers. They should also educate their employees that summaries by the Gemini tool should not be a replacement for security alerts (Picture: Getty)
Speaking to Tech Radar, a Google spokesperson said: ‘We are constantly hardening our already robust defenses through red-teaming exercises that train our models to defend against these types of adversarial attacks.’ They have also published a blog which outlines the defences it is deploying for prompt injection-style attacks (Picture: Getty)
