Google Gemini can be hijacked to display fake email summaries in phishing scams

Gemini in Workspace presents unique opportunities for fraud, researchers warn
The AI tool can be tricked to display fake security warnings
Businesses should make sure invisible text is not processed by the AI

Cybercriminals have found a creative new way to abuse Google’s Generative Artificial Intelligence (GenAI) to steal people’s Gmail accounts.

Google introduced Gemini, its AI-powered chatbot assistant into its Workspace suite of productivity apps some time ago, and one of the things Gemini can do is summarize incoming emails – so when a person receives an email, they can bring up a vertical pane on the right-hand side of the screen, asking Gemini for assistance with different things, such as bringing up vital email information, adding calendar entries, and more.

However experts have warned this also opens up the Gmail accounts for so-called “prompt-injection” attacks – so if the incoming email message contains a hidden prompt for Gemini, it can be executed in the pane.

Is Gemini phishing for your password?

According to security researcher Marco Figueroa, this is exactly what the email provider is now susceptible to.

By using HTML and CSS, threat actors can add a prompt for Gemini, with its font size set to zero, and its color to white. Therefore, the victim will not be able to see it, but Gemini will act on it. If that prompt makes Gemini display a phishing message, it will do just that, and since the message would come from a trusted source, it increases the chances of success.

Figueroa showed how a malicious prompt could notify the victim that their email account has been compromised, and that they need to “call” Google on a phone number displayed in the message to resolve the issue.

To protect against future prompt injection attacks, companies should make sure their email clients remove, neutralize, or ignore content that is styled to be hidden in the body text. Furthermore, they could include a post-processing filter that scans the inbox for “urgent messages”, URLs, or phone numbers.

Finally, businesses should educate their employees that summaries provided by the Gemini tool should not be a replacement for security alerts.

Via BleepingComputer

What's Hot

My Health Anxiety Means I Won’t Use Apple’s or Samsung’s Smartwatches. Here’s Why

You can now buy the OnePlus 15 in the US and score free earbuds if you hurry

Today’s NYT Connections: Sports Edition Hints, Answers for Dec. 22 #455

Gear News of the Week: LG Debuts an RGB LED TV, and Google Brings Find Hub to Wear OS

Deals: Freebies with Google Pixels, discounts on Xiaomi 15, Poco F7 Ultra, and more

Google confirms Gemini will fully replace Assistant on phones in 2026

NYT Strands hints and answers for Monday, August 11 (game #526)

These 2 Cities Are Pushing Back on Data Centers. Here’s What They’re Worried About

Today’s NYT Connections: Sports Edition Hints, Answers for Sept. 4 #346

Most Popular

Best Fitbit fitness trackers and watches in 2025

There are still 200+ Prime Day 2025 deals you can get

The best earbuds we’ve tested for 2025

Our Picks