Gmail users, beware! Scammers are misusing Google Gemini AI to generate fake alerts through hidden prompts in order to steal your passwords.
Gmail Scam: A new and dangerous warning has emerged for the millions of Gmail users. Cybercriminals are now misusing Google's powerful Gemini AI to steal passwords and sensitive information from users' Gmail accounts. The method of this new scam is so clever and hidden that the average user may not even realize it. In such a situation, it becomes very important to know how this scam works and how you can stay safe from it.
What is this new Gemini AI Scam?
Gemini, developed by Google, is an advanced AI assistant integrated into apps like Gmail and Google Workspace. It helps users summarize emails, generate replies, and manage schedules. But now, this same technology has become a new weapon for cybercriminals. Cyber security researcher Marco Figueroa has revealed that scammers are sending emails containing hidden AI instructions (Hidden Prompts). These instructions are inserted into the email through HTML and CSS code in white text and very small font sizes so that they cannot be read by the eyes, but AI tools like Gemini can read them.
How do users get trapped by Gemini?
When a user opens such an email and asks Gemini AI to summarize it, the AI reads these hidden instructions. After this, Gemini displays a fake alert, such as – 'Your Gmail account has been hacked. Call this number immediately for assistance: 1800-XXX-XXXX' This looks completely real and the user panics and calls that fake number. Then the scammers, posing as Google Customer Support, ask the user for their Gmail password, OTP, and other sensitive information, and with a small mistake by the user, their entire account is put at risk.
How serious is this scam?
Gmail is the world's largest email service and has more than 1.8 billion active users. If this scam spreads rapidly, the personal information, bank details, social media logins, and personal files of millions of people could be at risk. The most dangerous aspect of this technology is that the user doesn't get a chance to understand anything. Everything happens through an AI-generated summary, which was previously considered safe.
How to avoid this dangerous Gemini Scam?
Cyber security experts have given some important suggestions to avoid such AI-based scams:
1. Never trust links or numbers given in unknown emails
No matter how serious the email may seem, do not call any alert or customer care number without verifying it.
2. Use only Google's official website and support channels
The real URL of Gmail is: https://mail.google.com – any URL other than this can be dangerous.
3. Be cautious of Gemini summaries
If a summary is warning you or giving a phone number, check it on the Google Help Center first.
4. Be sure to activate Two-Factor Authentication (2FA) in your Gmail account
This makes it difficult to access your account even if your password is stolen.
5. Scrutinize your emails daily and report suspicious emails by clicking on 'Report Phishing'.
6. Change your passwords from time to time and do not share them with anyone
Use b and unique passwords that include letters, numbers, and symbols.
Google's response and upcoming steps
According to reports, Google has been informed about this scam and the company is working on security updates against it. Although Gemini AI is still new and it is not entirely possible to control its behavior, Google has appealed to users to be extra cautious. Google is also looking at which instructions Gemini AI prioritizes and how scammers are fraudulently directing it.
