Urgent Warning Issued for 1.8 Billion Gmail Users Over AI-Driven Phishing Attacks
LONDON, July 20 (VOM-Voice of Malaysia): A new form of sophisticated cyberattack is putting over 1.8 billion Gmail users worldwide at serious risk, cybersecurity experts warn. The attack exploits Google’s AI assistant, Gemini, to carry out deceptive phishing schemes without users’ knowledge, according to a report by the Daily Mail.
Hackers are now embedding hidden prompts inside emails that trick Google Gemini into generating fake warnings or messages, such as claims that a user’s account has been hacked and urging them to call a fake “Google Support” phone number.
What makes this attack especially dangerous is its stealth: the malicious instructions are written in white text with a font size of zero, rendering them invisible to the human eye but fully readable by AI tools like Gemini.
The Tactic: “Indirect Prompt Injection”:
This manipulation method, dubbed “indirect prompt injection,” exploits the AI’s inability to distinguish between legitimate user queries and hidden attacker instructions. When Gemini processes the email, it follows the embedded commands and generates misleading summaries or alerts.
Security researchers at Mozilla recently demonstrated a successful attack where Gemini falsely warned a user of a password breach—a message entirely crafted by the attacker.
Expert Recommendations:
Cybersecurity professionals advise Gmail users and organizations to take immediate precautions:
-
Enable detection tools that can flag hidden or zero-size text and suspicious formatting within emails.
-
Use post-processing scanners to filter out urgent messages containing suspicious URLs or phone numbers.
-
Do not trust Gemini summaries that suggest password theft or prompt clicking unfamiliar links—Google never uses Gemini to issue such warnings.
-
Delete any email immediately if it shows unusual security alerts or urges quick action via unfamiliar contacts.
Google’s Stance Raises Concerns:
Despite being aware of the vulnerability since early 2024, Google has reportedly classified the issue as “will not fix,” stating that this behavior is not considered a flaw but a design feature of Gemini. The company has implemented some safety features but has chosen not to treat the hidden instruction issue as a priority.
This decision has shocked many cybersecurity experts, who argue that refusing to recognize indirect prompt injection as a problem may open the door for more dangerous AI-driven attacks in the future.
As AI continues to integrate deeper into everyday tools like Gmail, experts stress the urgent need for robust safeguards, greater user awareness, and a reassessment of how AI systems interpret and act on embedded data.
📲 Read the full story and stay updated with Voice of Malaysia
🔗www.vom24.com/
👇 Follow us for more updates!
✅ Facebook: facebook.com/vomvoiceofmalaysia
✅Twitter: x.com/vomalaysia
✅ Instagram: instagram.com/voiceofmalaysia
✅ YouTube: youtube.com/@vomtv24