logo
Gmail users may be at risk of being scammed by cybercriminals using Gemini

Gmail users may be at risk of being scammed by cybercriminals using Gemini

Mint5 days ago
A new cyber threat is making its way into Gmail inboxes, and this time it involves Gemini, Google's built-in AI assistant. Security researchers have identified a method where attackers manipulate Gemini into displaying false warnings, tricking users into giving away sensitive information. It is a clever tactic and one that highlights the growing concerns around AI misuse.
At the centre of this scam is a technique known as prompt injection. Attackers are embedding invisible instructions within email messages by using white text and zero font size. These hidden messages are not visible to users but can be read by Gemini when asked to summarise the email content. When the AI reads these prompts, it reacts just as the attacker intends.
For instance, Gemini might show a fake warning that your Gmail account has been compromised. It will then suggest calling a support number that connects directly to a scammer. This person may then attempt to collect your passwords, recovery codes or any other personal details. It is a sophisticated con that plays on both trust and urgency.
Cybersecurity expert Marco Figueroa has raised the alarm on how easily Gemini can be influenced by these hidden prompts. The concern is not only the vulnerability of the AI but also the way people may rely on it without question. Many users trust AI-generated suggestions and may not verify the information before taking action.
To protect yourself, experts recommend a few simple steps. Be cautious when using Gemini to summarise emails, especially those that appear urgent or security-related. Avoid calling any phone numbers mentioned in summaries unless verified independently. It is also wise to look out for strange formatting in emails, such as large empty spaces or odd layouts.
Security professionals are also urging Google to implement stronger filters that remove hidden content before it reaches AI systems. There is an ongoing effort to improve Gemini's ability to detect and ignore these kinds of prompts.
Google has acknowledged the issue and is reportedly working on improvements. According to statements, its security teams are testing Gemini against similar attacks and strengthening defences.
Until then, users are advised to stay cautious. AI can be helpful, but it is not infallible. A little scepticism and manual checking can go a long way in keeping your data safe.
Orange background

Try Our AI Features

Explore what Daily8 AI can do for you:

Comments

No comments yet...

Related Articles

Aditya Infotech launches Rs 1,300 crore IPO
Aditya Infotech launches Rs 1,300 crore IPO

Time of India

time34 minutes ago

  • Time of India

Aditya Infotech launches Rs 1,300 crore IPO

Aditya Infotech launches Rs 1,300 crore IPO MUMBAI: Aditya Infotech, the company behind CP Plus CCTV cameras, has begun testing investor interest for its Rs 1,300 crore initial public offering (IPO) amid growing investor participation in Indian equity issuances. Aditya Infotech, in which Dixon Technologies holds a minority stake, will accept bids from July 29 to July 31, according to IPO launch details shared by the company. Aditya Infotech will sell each share at a price range of Rs 640 to Rs 675. At the upper end of the price band, the company is valued at Rs 7,912 crore. Founder Aditya Khemka and his family own about 93% of the company, which was established in 1994, just after India opened its economy in 1991. Dixon holds roughly 7% in Aditya Infotech, with vice chairman and MD Atul Behari Lall sitting on its board. The IPO comprises a fresh issue of Rs 500 crore and an offer for sale (OFS) of Rs 800 crore by the Khemkas. Shares are expected to list on August 5. After the IPO, the founding family's stake in the company will drop to around 77%. India's IPO market has experienced significant growth in recent years on the back of a robust secondary market, positioning the nation among the top five IPO markets globally. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Up to 70% off | Shop Sale Libas Undo Aditya Infotech intends to use the IPO proceeds to pay off Rs 375 crore of debts. Its borrowings exceed Rs 400 crore. Its profit zoomed 205% to Rs 351 crore in FY25 and revenue grew about 12% to Rs 3,112 crore during the same period. The company has a 21% market share of India's video surveillance industry, which was valued at Rs 10,620 crore in FY25 and is projected to double by FY30. Aditya Infotech, world's third largest manufacturer of surveillance products, boasts a production capacity of over 15 million units in Kadapa, Andhra Pradesh and employs about 3,200 people. Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now

Telling secrets to ChatGPT? Using it as a therapist? Your AI chats aren't legally private, warns Sam Altman
Telling secrets to ChatGPT? Using it as a therapist? Your AI chats aren't legally private, warns Sam Altman

Time of India

time42 minutes ago

  • Time of India

Telling secrets to ChatGPT? Using it as a therapist? Your AI chats aren't legally private, warns Sam Altman

Many users may treat ChatGPT like a trusted confidant—asking for relationship advice, sharing emotional struggles, or even seeking guidance during personal crises. But OpenAI CEO Sam Altman has warned that unlike conversations with a therapist, doctor, or lawyer, chats with the AI tool carry no legal confidentiality. During a recent appearance on This Past Weekend, a podcast hosted by comedian Theo Von, Altman said that users, particularly younger ones, often treat ChatGPT like a therapist or life coach. However, he cautioned that the same legal safeguards that protect personal conversations in professional settings do not extend to AI. Explore courses from Top Institutes in Please select course: Select a Course Category Data Science Artificial Intelligence Operations Management Degree Healthcare Technology Design Thinking Leadership Digital Marketing Public Policy Product Management CXO Data Analytics Finance Others others MCA PGDM Project Management Cybersecurity Data Science Management MBA healthcare Skills you'll gain: Duration: 10 Months IIM Kozhikode CERT-IIMK DABS India Starts on undefined Get Details Skills you'll gain: Duration: 11 Months IIT Madras CERT-IITM Advanced Cert Prog in AI and ML India Starts on undefined Get Details Skills you'll gain: Duration: 11 Months E&ICT Academy, Indian Institute of Technology Guwahati CERT-IITG Postgraduate Cert in AI and ML India Starts on undefined Get Details Skills you'll gain: Duration: 30 Weeks IIM Kozhikode SEPO - IIMK-AI for Senior Executives India Starts on undefined Get Details Skills you'll gain: Duration: 10 Months E&ICT Academy, Indian Institute of Technology Guwahati CERT-IITG Prof Cert in DS & BA with GenAI India Starts on undefined Get Details Altman explained that legal privileges—such as doctor-patient or attorney-client confidentiality—do not apply when using ChatGPT. If there's a lawsuit, OpenAI could be compelled to turn over user chats, including the most sensitive ones. 'That's very screwed up,' Altman admitted, adding that the lack of legal protection is a major gap that needs urgent attention. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like SRM Online MBA | India's top ranked institute SRM Online Learn More Undo Altman Urges New Privacy Standards for AI Altman believes that conversations with AI should eventually be treated with the same privacy standards as those with human professionals. He pointed out that the rapid adoption of generative AI has raised legal and ethical questions that didn't even exist a year ago. Von, who expressed hesitation about using ChatGPT due to privacy concerns, found Altman's warning validating. The OpenAI chief acknowledged that the absence of clear regulations could be a barrier for users who might otherwise benefit from the chatbot's assistance. 'It makes sense to want privacy clarity before you use it a lot,' Altman said, agreeing with Von's skepticism. Chats Can Be Accessed and Stored According to OpenAI's own policies, conversations from users on the free tier can be retained for up to 30 days for safety and system improvement, though they may sometimes be kept longer for legal reasons. This means chats are not end-to-end encrypted like on messaging platforms such as WhatsApp or Signal. OpenAI staff may access user inputs to optimize the AI model or monitor misuse. The privacy issue is not just theoretical. OpenAI is currently involved in a lawsuit with The New York Times, which has brought the company's data storage practices under scrutiny. A court order related to the case has reportedly required OpenAI to retain and potentially produce user conversations—excluding those from its ChatGPT Enterprise customers. OpenAI is appealing the order, calling it an overreach. Debate Around AI and Data Rights Altman also highlighted that tech companies are increasingly facing demands to produce user data in legal or criminal cases. He drew parallels to how people shifted to encrypted health tracking apps after the U.S. Supreme Court's Roe v. Wade reversal, which raised fears about digital privacy around personal choices. While AI chatbots like ChatGPT have become a popular tool for emotional support, the legal framework surrounding their use hasn't caught up. Until it does, Altman's message is clear: users should be cautious about what they choose to share.

Meet Lumo, the new AI chatbot that protects user privacy
Meet Lumo, the new AI chatbot that protects user privacy

Indian Express

time2 hours ago

  • Indian Express

Meet Lumo, the new AI chatbot that protects user privacy

Proton, the company that introduced the encrypted email service Proton Mail, has now unveiled an AI chatbot with focus on user privacy. Named Lumo, the chatbot can generate code, write email, summarise documents, and much more. Proton has dubbed its AI chatbot as an alternative to ChatGPT, Gemini, Copilot, etc. The AI chatbot preserves user privacy while storing data locally on users' devices. Lumo is powered by several open-source large language models that run on Proton's servers in Europe, including Mistral's Nemo, Mistral Small 3, Nvidia's OpenHands 32B, and the Allen Institute for AI's OLMO 2 32B model. Lumo can field requests through different models depending on which is better suited for a query. The company claims that the new chatbot will protect information with 'zero-access' encryption, which grants the user an encryption key that allows them exclusive access to their data. This encryption key will block third parties and even Proton from accessing the user content, meaning the company will not be sharing any personal information. Proton has reportedly used Transport Layer Security (TLS) encryption for data transmission and 'asymmetrically' encrypts prompts, allowing only the Lumo GPU servers to decrypt them. When it comes to features, Ghost mode ensures that your active chat sessions are not saved, not even on local devices. With the Web search feature, Lumo can look up recent or new information on the internet to add to its current knowledge. It can also understand and analyse your files, but does not keep a record of them. Lastly, integration with Proton Drive makes it simple to add end-to-end encrypted files from your Proton Drive to your Lumo chats. The chatbot comes with internet search, however, it is disabled by default to ensure privacy. Once enabled, Lumo will deploy privacy-friendly search engines to provide responses to user queries. It can analyse uploaded files, but it does not store any of the data. Proton Drive files, which are meant to remain end-to-end encrypted while communicating with the chatbot, can also be linked by users to Lumo. The chatbot comes in both a free and premium version. Those without an account with Lumo or Proton, will be able to ask 25 queries per week. They will not be able to access chat histories. On the other hand, users with a free account can ask up to 100 questions per week. Lumo Plus plan is priced at $12.99 a month and comes with unlimited chats, an extended encrypted chat history, and more.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store