Warning to all 1.8bn Gmail users over ‘hidden danger' that steals password without you noticing – what to watch out for
The new type of attack has been flying under the radar, attacking an eye-watering 1.8 billion Gmail users without them even noticing.
2
Malicious actors are targeting 1.8 billion Gmail users through an email scam
Credit: Getty
Users therefore need to make sure they follow the correct instructions in order to combat the malicious activity.
Thieving hackers are using Google
Gemini
- the company's AI built-in tool - to trick users into giving over their
Cybersecurity experts have found that
These tricks users into
READ MORE TECH NEWS
The
Shady
GenAI bounty manager Marco Figueroa demonstrated how such a dangerous prompt could falsely alert users that their email account has been compromised.
These warnings would urge victims to call a fake "Google support" phone number provided, in order to resolve the issue.
Most read in Tech
To fight these prompt injection attacks, experts have made a number of recommendations that users should act on immediately.
They firstly suggested that companies
Google adds AI upgrade to your Gmail that writes emails for you – find it in seconds if you're eligible for freebie
This should help counter hackers sending invisible text within emails.
Security experts also recommended that users implement post-processing filters to scan inboxes for suspicious elements like "urgent messages", URLs, or phone numbers.
This action could bolster defences against threats.
The scam was brought to light after research, spearheaded by Mozilla's 0Din security team, showed proof of one of the hostile attacks last week.
The report showed how hackers tricked Gemini into showing a fake security alert.
It warned users their password had been stolen - but the message was fake and designed to steal their info.
The trick works by hiding a secret size zero font prompt in white text that matches the email background.
So when someone clicks "summarise this email" using Gemini, the tool reads the hidden message - not just the visible bit.
This form of manipulation is named "indirect prompt injection", and it takes advantage of AI's inability to differentiate between a user's question and a hacker's embedded message.
AI cannot tell the difference, as both messages look like text, and it will usually follow whichever comes first - even if it is malicious.
As Google have failed to patch this method of scamming victims, the door is still open for hackers to exploit this technique.
Sneaking in commands that the AI may follow will be an effective method of leaking sensitive data until users are properly protected against the threat.
AI is also incorporated into Google Docs, Calendar, and outside apps - widening the scope of the potential risk.
Google has reminded users amid this scamming crisis that it does not issue security alerts through Gemini summaries.
So if a summary tells you that your password is at risk, or prompts you with a link to click - users should always treat it as suspicious and delete the email.
2
Users need to follow the steps to protect against the scam
Credit: Alamy
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Irish Times
17 hours ago
- Irish Times
Is it time for a new kind of CEO at Apple?
Apple 's continuing artificial intelligence (AI) problems mean a few brave analysts are saying the quiet part out loud: it might be time for Tim Cook to go. 'Apple now needs a product-focused CEO, not one centred on logistics,' New York-based LightShed Partners said in a recent note. The note made waves, but Cook's position is thought to be secure. Apple's board is loyal and while shares have lagged behind over the past year few investors are reaching for the panic button. Under Cook, Apple's market value has ballooned from $340 billion (€293 billion) to $3.1 trillion, a return that tends to silence complaints. Still, that Cook's position is even being discussed says something. READ MORE No one disputes Cook's achievements – even LightShed admits he has done 'a great job' since 2011 – but some wonder if the traits that suited Apple's past may not fit its future. A master of optimisation, Cook perfects rather than pioneers. That made him the ideal steward of Apple's golden decade. Under his tenure, margins stayed fat, supply chains got leaner and stock buy-backs flowed. He kept the iPhone at the heart of a sleek ecosystem and steered Apple through Covid and geopolitical headwinds. However, much of this success came from refining and scaling ideas inherited from the Steve Jobs era. Whether he's the one to lead Apple's next act is less clear, with some suggesting AI demands a different skill set, one rooted in bold product vision rather than operational mastery. For now, Cook remains firmly in charge, but the AI era is forcing even Apple to confront uncomfortable questions about what comes next.
The Irish Sun
a day ago
- The Irish Sun
Google down: Workspace hit with huge outage as users battle to access Gmail, Google Drive and more
GOOGLE is facing outages as users report delays and errors across a number of services. The service reported that the incident began at 3.10pm and is affecting Gmail, Google Drive, Google Meet and Google Workspace. Advertisement 2 A number of Google services are experiencing problems Credit: Getty 2 It is primarily affecting the Workspace products including Gmail and Google Docs Credit: Getty According to Hundreds of users have logged issues with the service. This is affecting platforms like Google Docs, Google Chat and Google Analytics. A Advertisement Read more Tech Users flocked to X to complain about the ongoing issues. One said: "Google would go down on a Friday lol like this couldn't wait til Monday?" Another said: "Google drive is down? Well my work day is over then."
The Irish Sun
2 days ago
- The Irish Sun
Google slammed over ‘utter nonsense' video doorbell subscription fee hike – three alternatives people are switching to
HOUSEHOLDS using Google's home security gadgets have hit out at the company's decision to raise subscription fees. Nest is a popular rival to Ring, with doorbell and video camera devices among the portfolio. 2 Google acquired Nest for $3.2billion in 2014 Credit: Getty 2 Customers will have to pay at least £2 / $2 more a month for their subscription Credit: Getty The devices are free to use for live monitoring and answering to whoever is knocking at the door. But much like Ring, if you want to store video recordings in the Well, that fee is rising from next month and customers have called it "utter nonsense". "I'd rather throw my Nest devices in the trash and outlay the upfront cost for another brand rather than be subject to another price increase," one user raged on Reddit. Read more about Google "It's getting hard to support Google/Nest when they keep f***ing us over," another commented. "We have had Nest Aware for many years now and after today's email enough is enough," a third person wrote. The increases are coming for customers in the UK and US. Nest Aware, which provides 30 days of event video history, is going up by £2 / $2 a month to £8 / $10. Most read in Tech For an annual subscription, it'll now set you back £80 / $100, up from £60 / $80 previously. Black bear stuns homeowners by ringing doorbell Until now, you'd have to pay £12 / $15 per month, but going forward it'll be £16 / $20, an increase of £4 / $5. The same goes for annual subscriptions, which jump from £120 / $150 a year, to £160 / $200. "Subscription prices can change to keep up with market shifts, which can include inflation and local tax updates," Google says. "We'll notify you through email at least 30 days ahead of a price increase in your country or territory." TIME TO SWITCH? By Jamie Harris, Assistant Technology and Science Editor at The Sun Naturally at times like this, customers start to consider if it's time to switch to another provider. That obviously means the potentially expensive task of replacing all your existing gadgets before you feel any long-term savings. When it comes to video doorbells and home security cams, the fees come from video storage on the cloud. But there are some brands that allow you to store videos locally on your own hard drive instead, so you don't need to pay extra. You'll need to clear the videos routinely otherwise you're going to need a lot of hard drives - and they're going to cost you more than using the cloud. Some of the brands people have mentioned they are switching to online include: Eufy Ubiquiti Tapo So if you're affected and considering a switch, it might be worth doing a bit of research on these.
