Researchers warn that Google’s Gemini, an AI tool integrated into Workspace, presents new opportunities for fraud. Cybercriminals use “prompt-injection” attacks, embedding hidden prompts in emails processed by Gemini. This could lead users to see fake security alerts urging them to call a specified number because their account has purportedly been compromised. Security expert Marco Figueroa highlights that threat actors can use HTML and CSS to make text unnoticeable to the reader, tricking Gemini into displaying phishing messages. To mitigate these risks, businesses are advised to remove or neutralize hidden content in emails, implement post-processing filters that screen for urgent messages, URLs, or phone numbers, and educate employees to verify information from Gemini summaries rather than relying on them for security alerts. Awareness and proactive measures are crucial in safeguarding Gmail accounts from these sophisticated tactics.