Warning to all 1.8bn Gmail users over ‘hidden danger' that steals password without you noticing – what to watch out for
The new type of attack has been flying under the radar, attacking an eye-watering 1.8 billion Gmail users without them even noticing.
2
Users therefore need to make sure they follow the correct instructions in order to combat the malicious activity.
Thieving hackers are using Google Gemini - the company's AI built-in tool - to trick users into giving over their credentials.
Cybersecurity experts have found that bad actors are sending emails with concealed instructions that cause Gemini to generate fake phishing warnings.
These tricks users into sharing personal account information, or visiting malicious websites.
The emails are usually constructed in a manner which makes them appear urgent - and occasionally from a business.
Shady hackers will craft these emails by setting the font size to zero and the text colour to white - before inserting prompts invisible to users but picked up by Gemini.
GenAI bounty manager Marco Figueroa demonstrated how such a dangerous prompt could falsely alert users that their email account has been compromised.
These warnings would urge victims to call a fake "Google support" phone number provided, in order to resolve the issue.
To fight these prompt injection attacks, experts have made a number of recommendations that users should act on immediately.
They firstly suggested that companies configure email clients to detect and neutralise hidden content in message bodies.
Google adds AI upgrade to your Gmail that writes emails for you – find it in seconds if you're eligible for freebie
This should help counter hackers sending invisible text within emails.
Security experts also recommended that users implement post-processing filters to scan inboxes for suspicious elements like "urgent messages", URLs, or phone numbers.
This action could bolster defences against threats.
The scam was brought to light after research, spearheaded by Mozilla's 0Din security team, showed proof of one of the hostile attacks last week.
The report showed how hackers tricked Gemini into showing a fake security alert.
It warned users their password had been stolen - but the message was fake and designed to steal their info.
The trick works by hiding a secret size zero font prompt in white text that matches the email background.
So when someone clicks "summarise this email" using Gemini, the tool reads the hidden message - not just the visible bit.
This form of manipulation is named "indirect prompt injection", and it takes advantage of AI's inability to differentiate between a user's question and a hacker's embedded message.
AI cannot tell the difference, as both messages look like text, and it will usually follow whichever comes first - even if it is malicious.
As Google have failed to patch this method of scamming victims, the door is still open for hackers to exploit this technique.
Sneaking in commands that the AI may follow will be an effective method of leaking sensitive data until users are properly protected against the threat.
AI is also incorporated into Google Docs, Calendar, and outside apps - widening the scope of the potential risk.
Google has reminded users amid this scamming crisis that it does not issue security alerts through Gemini summaries.
So if a summary tells you that your password is at risk, or prompts you with a link to click - users should always treat it as suspicious and delete the email.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Sun
31 minutes ago
- The Sun
Four fun EVs to ease the switch for petrolheads – but expert warns of two hurdles brands face despite government grant
THE FUTURE is undoubtedly electric, as manufacturers steadily shift their focus from petrol-powered motors to electric ones. However, it's perfectly understandable that many car enthusiasts aren't quite ready to embrace this change. 2 2 The absence of traditional driving traits, such as the sound, vibration and gear changes associated with internal combustion engine cars is widely regarded as a pretty big loss. But in an interview with EVPowered last year, former Top Gear host James May implored enthusiasts to give electric power a chance, adding: 'If you're a true car enthusiast, you have to take an interest in the future of the car.' Change is hard though, and manufacturers face a tricky few years helping drivers - from petrolheads to casual fans - make the transition. It's something Steve Walker, Head of Digital Content at Auto Express, told Sun Motors in a recent exclusive chat. He said: 'The evolution of performance EVs faces two main challenges. 'Firstly, EVs are inherently heavy due to their batteries, which works against them being as nimble and fun to drive as petrol cars. 'Secondly, enthusiasts tend to love cars partly because they've formed a deep emotional connection to the history and heritage of performance brands and their cars over the years. 'EVs are a real break from this past. They don't have the same authenticity and don't offer the same sounds and sensations that petrol cars do. This makes them less appealing initially. 'That said, manufacturers know they need to engage enthusiasts. These are the people who are willing to pay for premium and performance models. 'They're also the people who help generate the culture and interest around car brands through their passion for the cars, bringing the brand's products to a wider audience. Alpine A290 GTS delivers a hot hatch EV that comes with F1-style 'overtake button' 'So, manufacturers are working on creating EVs that feel better to drive and more connected to that heritage. 'We're already seeing features like simulated engine noises and artificial 'manual gear changes' in performance EVs to mimic that petrol car driving experience. 'Looking ahead, technologies such as lighter solid-state batteries and in-wheel electric motors could reduce weight and improve driving dynamics, helping EVs become more exciting and appealing to enthusiasts.' CHARGING UP Something that might sway some drivers - petrolheads or otherwise - is the introduction of the Electric Car Grant by the government that was announced earlier this week. It sees £650 million set aside for drivers to enjoy a discount of up to £3,750 taken off the price of EVs priced under £37,000. That funding, planned to run until the 2028-29 financial year, also only counts towards models from brands that have committed to a so-called Science-Based Target (SBT) for emissions. Fewer than 50 new EV models would qualify for the grant, providing they meet the required criteria. Among them is the super-fun Alpine A290, starting at £33,000 for the base model, as well as the Abarth 600e - specifically, the 237bhp base model, which just fits within the grant threshold - and the Mini JCW Electric with its 255bhp. Walker said: 'While performance car fans aren't likely to be as excited about EVs as company car drivers or family buyers, who are often more focused on costs or practicality, there are a few current models that deserve to grab enthusiasts' interest. 'The Hyundai Ioniq 5 N is a prime example - it was actually the first EV to win the Auto Express Performance Car of the Year award in 2024, marking it as a real pioneer of fun electric cars. 'Another interesting option is the Alpine A290, but overall, fun EVs are still very much in their infancy and quite rare compared to petrol alternatives, which remain fundamentally better at delivering the traditional thrills that enthusiasts crave.' MAKING THE SWITCH Switching from a petrol-powered car to an EV can feel like a daunting step for some. The challenge for the industry is to make EVs with emotional appeal Steve Walker, Auto Express However, Walker offers valuable advice for those ready to take the leap into the world of electric cars. 'For enthusiasts making the switch, it's important to recognise that EVs today are different beasts - heavier and quieter, with driving sensations that don't replicate the petrol experience,' he said. 'They're also fast, with an immediate power delivery that most petrol models can't match. 'As the technology improves, expect EVs to become more engaging and responsive. 'Manufacturers still need 'halo' cars that generate interest and showcase innovation. As the legislation stands in Europe, these will have to be EVs. 'Ultimately, without enthusiasts, cars risk becoming just another consumer product like a phone or washing machine. 'The challenge for the industry is to make EVs with emotional appeal through which drivers can express their personality and passion, just as petrol cars have done for decades.' CHARGE ANYTIME OVO's Charge Anywhere gives EV drivers access to everything they need to charge on the go, in one app - everything from route planning to locating working chargers, and paying for charging. And by signing up to a Boost plan, drivers can get up to 15% off public charging. It is open to all EV drivers, you don't have to be an OVO customer, and is free to join, just download the OVO Charge app on the App Store or Google Play. Drivers get access to the biggest charging networks, including over 50,000 UK public chargers and over 400,000 across Europe. More information can be found HERE OVO customers can enhance their energy tariffs by adding Charge Anytime, enabling them to charge their electric vehicles at a market-leading rate of 7p per kWh, any time of the day or night. This rate is 90% cheaper than public charging and 80% less than the cost of petrol. With Charge Anytime, customers can charge their car for just £217 per year, based on average consumption. This represents a saving of £542 compared to the UK's average SVT charging rate. More information can be found HERE. OVO Beyond Customers who sign up to OVO's free rewards programme, Beyond, can enjoy 100 free miles every month for two years. This adds up to 2,400 free miles in total, ready to use when they decide to make the switch to an electric vehicle. OVO Offers OVO customers can benefit from up to 30,000 free EV miles when they purchase or lease an electric car from Volkswagen. This offer applies across all VWG brands, including Audi, CUPRA, Skoda, and VW. Customers receive 10,000 free miles every year for three years, provided they remain OVO customers. Additionally, customers can earn 1,000 free miles on the anniversary of their Charge Anytime sign-up for the first three years.
Daily Mail
an hour ago
- Daily Mail
BREAKING NEWS Global hack on Microsoft exposes US agencies, energy giants
Tens of thousands of Microsoft servers are currently at risk exposing dozens of US government agencies and businesses after hackers launched an unprecedented global attack. Authorities are investigating after SharePoint servers were compromised in the last few day, The Washington Post reports. The platform is used to share and manage documents and remain at risk as Microsoft is yet to fix the flaw, per the outlet. Users are being urged to take the servers offline or make changes to the SharePoint programs to protect themselves. The attack is currently not affecting servers housed on the cloud such as Microsoft 365 and only impacts those housed within an organization. The breach is known as a 'zero day' attack as it targets a previously unknown vulnerability. The hack is being investigated by the US government in partnership with officials in Australia and Canada.
Daily Mail
2 hours ago
- Daily Mail
As a bombshell new book raises safety questions, have Elon Musk's dreams of a world full of driverless Teslas already run off the road?
Elon Musk was in typically combative mood when he declared on his own social media platform, X: 'There is a large graveyard filled with my enemies. I do not wish to add to it, but will if given no choice. Those who challenge me do so at their own peril.' That was in 2023, when Musk could still just about make such statements without triggering an avalanche of contempt. But we are now in 2025 and it's increasingly clear that Musk is going to need a bigger graveyard. The list of his enemies is growing exponentially. Since making that statement, the workaholic Musk has entered into, and fallen spectacularly out of, a political alliance with Donald Trump. This has made him persona non grata for large chunks of the global population, Left and Right, not to mention the man in the White House. Today, millions revel in his misfortune. And the bad news keeps flowing. This month, his artificial intelligence system, Grok, went rogue and started praising Hitler, just weeks after yet another of his spaceships blew up. Reports about his drug use and erratic behaviour proliferate. And various mothers of what he has called his 'legion' of children seem eager to condemn him. Worse, perhaps, his most precious business baby, Tesla, is experiencing deep problems. At the start of this month, the car company, once widely hailed the greatest force for an eco-friendly and sustainable future, reported a sharp plunge in its second quarter sales. Tesla stock has dropped by about 25 per cent this year, partly as result of Trump's international tariff agenda. Sales of the company's new flagship product, its Cybertruck, have tanked. And even Musk's own brother, Kimbal, has sold some $31million of Tesla shares. To make matters more dire, last week a sensational new book containing a multitude of shocking allegations against both Tesla and Musk was published. In The Tesla Files, Sonke Iwersen and Michael Verfurden, two reporters in Germany, have pulled together countless whistleblower testimonies, leaked internal company documents, as well as allegations of corporate malfeasance and terrifying claims of safety issues with Tesla vehicles. Tesla's salesmen like to boast about not spending too much on media messaging. Their amazingly futuristic products do the PR work for them, they say. But Iwersen and Verfurden's work might cause the company to rethink that approach. The authors of The Tesla Files speak to the widows of men who have died in Tesla accidents and never had the cause of the crash adequately explained. They reveal how Tesla's obsession with elegant design, including those sleek retractable handles on the doors of various models, can make it impossible for drivers to be pulled out of the wreckage of their much-loved cars. The most alarming material concerns Tesla's 'autopilot' mode, which is supposed to make cars ever more safe by removing the scope for human error. Leaked documents show thousands of customer complaints, many suggesting that – similar to some genius invention gone horribly wrong in a sci-fi horror film – the technology can cause crashes instead of stopping them. 'Unintentional acceleration', where the computer elects to speed up for no good reason, is one concern. Another is 'phantom braking', when a Tesla dangerously slows down or stops unexpectedly. Given that Teslas can accelerate from 0 to 62mph in 3.8 seconds, and decelerate just as quickly, these phenomena have inevitably led to some extremely dangerous situations. 'After dropping my son off in his school parking lot, as I go to make a right-hand exit it lurches forward suddenly,' said one complainant. 'My autopilot failed/malfunctioned this morning [car didn't brake] and I almost rear-ended somebody at 65mph,' said another. 'Today, while my wife was driving with our baby in the car, it suddenly accelerated out of nowhere,' added a third. Other customers report in the book that their vehicles 'jumped lanes unexpectedly', shoving them into oncoming traffic or concrete road barriers. One 'driver', a physician from California, claims her vehicle steered her directly into a concrete post. '[The post] toppled over but the car didn't stop. I hit the next post. The airbag deployed and I was in shock,' she said. The driverless revolution is well under way in America, and the UK isn't far behind. Here, autopiloted cars are required to have a human behind the wheel, but the Government has sanctioned trials of genuinely driverless cars, which taxi service Uber last month announced it will begin in London next spring. But those stepping into an empty cab only months from now might want to heed the words of tech entrepreneur Vivek Wadhwa. He called himself a 'Tesla fanboy' having bought one after meeting Musk in 2013, and recounts in The Tesla Files how he invited the news channel PBS to experience the wonders of his autopilot system in 2017. As the camera rolled, he found himself having to slam on the brakes as his car sped towards another. 'Elon keeps pushing a lie,' says Wadhwa. 'People are dying because of Tesla's faulty technology.' It's a claim currently being investigated in court as the firm's lawyers defend the role its autopilot system played in a crash that killed a young woman. In 2019, Tesla owner George McGee had the autopilot function of his Tesla Model S activated as he was driving in Key Largo, Florida. Documents filed with the Miami federal court state that he'd lost sight of the road as he bent down to pick up his phone. In that moment, McGee's car allegedly shot through a T-junction at 60mph and crashed into the side of a parked truck. Standing next to the truck was its owner Dillon Angulo, who was seriously injured, and his girlfriend Naibel Benavides Leon, 22, who was flung into nearby trees and died. McGee alleges this was due to a fault with the car's autopilot. In its motion for a summary judgment last month, Tesla argued that the autopilot feature 'did not make the car 'self-driving' and that McGee was aware 'that it was still [his] responsibility to operate the vehicle safely even with autopilot activate'. The publication of Iwersen and Verfurden's book could hardly have come at a worse time for the firm. Tesla will no doubt point to steps it has taken to mitigate problems with unwanted acceration and braking impairing 'safe operation of the vehicle' that one of the car-maker's engineers listed in May 2018. Indeed, a fault-prone radar system was removed and now Tesla's camera-only technology appears to have decreased erroneous speeding episodes. But Iwersen and Verfurden claim that 'phantom braking' incidents have continued to rise. A German automotive technician, Jurgen Zimmermann, suggests that Tesla's video software mistakes shadows or other harmless objects for obstacles, thus triggering the brakes unnecessarily. Furthermore, earlier this year, a study from LendingTree insurance found that Tesla drivers are still involved in more accidents than drivers of any other brand. The rate of Tesla crashes has reportedly increased – to just under 27 accidents per 1,000 drivers, from almost 24 per 1,000 the year before. All car manufacturers have struggled to make autonomous vehicles work perfectly. But no CEO has been more publicly adamant than Elon Musk in insisting that the age of driverless cars is already upon us. 'I really consider autonomous driving a solved problem,' he said in 2016. In 2019, he added that buying anything other than a Tesla would be 'like owning a horse in three years'. But Tesla's head of autopilot software was recently forced to admit in another court case that, in testing, a human driver had to intervene repeatedly to prevent accidents. Since 2024, Tesla has felt compelled to label its autopilot system: 'Full self-driving (supervised)', which is something of a contradiction in terms. 'Do not become complacent,' the company now tells customers, which goes against Musk's vision that Tesla owners should be able to sleep while being whisked to their destination. In the case of Naibel Benavides Leon, Tesla may well cite an October 2024 judgment, in which a California court dismissed a lawsuit accusing Tesla of misleading investors about its autopilot system. 'Justice prevails,' tweeted Musk in triumph. But his company had to rely on what lawyers call the 'puffery defence', the argument that customers should not take marketing claims too literally. As Iwersen and Verfurden put it: 'Like a conductor guiding an orchestra, [Musk] plays with the fantasies of his fans and shareholders. His career is built on making promises about the future... Musk's product is the promise.' This is not to deny that Musk is a truly brilliant innovator or business creator. On the contrary, he is a true disruptor and in many ways a genius. Without him, great strides in electric transportation and space travel would not have been made. It's also worth noting that many of the testimonies in The Tesla Files come from disgruntled ex-employees who clearly resent Musk's 'ultra hardcore' work ethic. Perhaps it is no coincidence that Iwersen and Verfurden work for Handelsblatt, the newspaper of the German business elite, and Musk's Tesla has always been a threat to the leading German manufacturers such as Mercedes, BMW and Volkswagen. But it's also the case that, in building a sort of cult of personality around himself, Musk has managed to distract from the failings of his businesses. The manufacturer has declined to comment on Iwersen and Verfurden's research, and is yet to respond to the Mail's inquiry. For his part, Musk appears to have a semi-messianic faith in himself. He believes that he is improving and protecting humanity for centuries to come, so any misery he may cause in the here and now will be worth the pain. According to this credo, Tesla deaths today can be justified by the future possibility of entirely safe human-error-free transportation. Try telling that to the grieving families of the Tesla drivers who have lost their lives.
