Urgent Warning to Gmail Users: Do This NOW
A new type of email attack is targeting Gmail users without them ever noticing. Hackers are using Google Gemini, the AI tool built into Gmail, to trick users into handing over their credentials. Cybersecurity experts found that hackers are sending emails with hidden instructions that prompt Gemini to generate fake phishing warnings, tricking users into sharing their account password or visiting malicious sites. These emails are crafted to appear urgent and sometimes to come from a business. By setting the font size to zero and the text color to white, attackers can insert prompts that are invisible to users but actionable by Gemini. Instead of fixing the issue, Google marked the report as "won't fix," meaning it believes Gemini is working the way it's supposed to. Google has reminded users that it doesn't issue security alerts through Gemini summaries. So, if a summary tells you that your password is at risk or gives you a link to click, treat it as suspicious and delete the email. Security experts are urging Gmail users to adopt two-factor authentication and passkeys, which provide strong protection against these kinds of phishing campaigns.