A new email attack targets 1.8 billion Gmail users by exploiting Google Gemini, an AI tool. Hackers send emails with hidden commands that generate fake phishing warnings, deceiving users into giving up account credentials. The emails appear urgent and can be made to look official. By changing font size to zero and text color to white, attackers insert invisible prompts. Experts recommend configuring email clients to detect hidden content and using filters to identify suspicious elements, bolstering defenses against these advanced threats. The technique, termed indirect prompt injection, highlights AI's vulnerability to manipulative tactics.
Hackers are exploiting Google Gemini, an AI tool in Gmail, to craft urgent emails that trick users into sharing their credentials through hidden instructions and fake security alerts.
By altering the font size to zero and changing text color to white, attackers manage to insert invisible prompts that trigger Gemini to generate deceptive phishing warnings.
Cybersecurity experts suggest configuring email clients to detect hidden content and implementing filters to scan for urgent messages or suspicious elements, enhancing defenses against email attacks.
The method, known as indirect prompt injection, allows hackers to manipulate AI systems like Gemini into generating responses based on invisible instructions embedded within the email body.
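One way a mail filter could flag the zero-font and white-text trick described above, as an added example that is not code from the article or from Google. It checks inline `style` attributes only; the function names and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns for the two hiding tricks the article names.
ZERO_FONT = re.compile(r"font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
WHITE_TEXT = re.compile(r"(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?|"
                        r"rgb\(\s*255\s*,\s*255\s*,\s*255\s*\))\s*(?:;|!|$)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr", "col", "area", "base"}


class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, reason-or-None) per open element
        self.findings = []  # (reason, text) for text a reader would not see

    def handle_starttag(self, tag, attrs):
        if tag in VOID:     # void elements never get a closing tag
            return
        style = dict(attrs).get("style") or ""
        if ZERO_FONT.search(style):
            reason = "zero font size"
        elif WHITE_TEXT.search(style):
            reason = "white text"
        else:               # simplification: children inherit the parent's verdict
            reason = self.stack[-1][1] if self.stack else None
        self.stack.append((tag, reason))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = data.strip()
        if text and self.stack and self.stack[-1][1]:
            self.findings.append((self.stack[-1][1], text))


def find_hidden_text(html_body):
    """Return (reason, text) pairs for text styled to be invisible."""
    finder = HiddenTextFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample message; the hidden text is a harmless placeholder.
SAMPLE_EMAIL = ('<html><body><p>Hi, the meeting notes are attached.</p>'
    '<span style="font-size:0px;color:#ffffff">placeholder hidden instruction</span>'
    '<div style="background-color: white; color: #333">Regards, Alex</div></body></html>')
```

A non-empty result is a signal to quarantine the message or strip the hidden text before it reaches a summarizer; styles applied through CSS classes or `<style>` blocks are outside what this sketch inspects.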