1.8 billion Gmail users are at risk

Google has reportedly issued a warning to 1.8 billion Gmail users around the world about a new type of scam. This sophisticated online scam uses invisible email prompts to trick Google's own AI assistant, Gemini, into stealing passwords.
A hidden threat is silently targeting 1.8 billion Gmail users. Experts warn that cybercriminals are embedding invisible prompts, using white text and zero font size, to manipulate Google's AI, Gemini. When users click "summarise this email," Gemini may unknowingly prompt them to share passwords or call fake support numbers. Google has confirmed the risk, but a full fix is pending.
How the scam works
As per the report by The Sun, the hackers embed indirect prompt injections into emails. Google's chatbot, Gemini, then reads these hidden commands and displays false warnings on the user's screen. The users are then asked to click on malicious links or call fake support lines.
The AI cannot distinguish between user queries and embedded hacker prompts, which leads to the user being scammed.
What Google and experts recommend
Cybersecurity experts are urging all Gmail users to remain vigilant and adopt robust security practices. The experts have urged users not to trust Gemini summaries that claim their account has been compromised. The experts also advise users to configure email clients to detect and neutralise hidden content.
Mozilla's 0Din security team first uncovered the exploit, showing how Gemini could be manipulated into displaying a fake alert that a user's password had been stolen. Google has acknowledged the issue but has yet to fully patch the vulnerability.
