Gmail: Gmail users beware! Scammers are using Gemini to steal your passwords, know how..

Security experts have discovered a new Gmail scam that steals user data using Gemini. This AI tool, which integrates directly into Gmail via a vertical sidebar, helps users summarize emails, create calendar entries, and more. However, new research has found that cyber attackers can exploit Gemini through "prompt injection." According to cybersecurity expert Marco Figueroa, attackers are tricking Gemini into generating fake phishing alerts using hidden prompts.

It is worth noting that about 1.8 billion users have been saved from this scam. Let's know how this new Google Gemini scam works and how you can stay safe from it.

How does Gmail's Gemini scam work?

According to the report, cyber criminals are sending hidden prompts in emails using HTML and CSS, which appear to come from trusted sources. These hidden prompts are in zero font size and white color so as not to be visible to the users. When the user opens the email and asks Gemini to summarize it, the AI tool is tricked into executing the hidden prompt.

Cybersecurity expert Marco Figueroa explained that a hidden prompt instructs Gemini to display a warning stating that the recipient's Gmail account has been compromised. The user is then asked to call a fraudulent customer support number, giving scammers direct access to sensitive account details.

How to avoid this scam?

1. Avoid clicking on any unknown link.

2. Always check the URL carefully. The URL of the real Gmail website is https://mail.google.com.

3. If you receive a suspicious email, report it immediately.

4. Keep changing your password regularly.

5. Use two-factor authentication to keep your account even more secure. Remember, your vigilance is your safety. Always be alert and follow these tips to avoid falling into the trap of scammers.

Disclaimer: This content has been sourced and edited from News 18 hindi. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.