Tue, 21-Oct-2025

Beware Gmail users: Gemini AI scam targeting Gmail accounts, check these safety options

According to the source, cybercriminals have found a new way to scam Gmail users: hijacking Google’s own AI, Gemini. The scheme tricks people into handing over their passwords by using hidden commands that manipulate Gmail’s built-in summarizer.

How the Scam Works:

Hackers hide invisible instructions in emails using HTML and CSS tricks—like setting the font size to zero or matching the text color to the background. While users don’t see this hidden text, Gemini does. When it summarizes the email, it reads those hidden commands and generates fake security alerts claiming your Gmail account has been compromised.

The AI summary then includes a fake support number and urges the user to call immediately. Once the user calls, the scammers try to extract their password or other sensitive information.
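A defender-side check for the hidden-text trick described above, added here as an example (it is not Google's filter and not code from the original article): it walks an HTML body and reports text styled with a zero font size or a text colour equal to its background, so a gateway can flag or strip it before a summarizer reads the message. The names `find_hidden_text` and `HiddenTextFinder` and the sample message are constructed; the sketch assumes inline `style` attributes only and a black-on-white reading pane.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}  # elements with no end tag
DECL = re.compile(r"([\w-]+)\s*:\s*([^;!]+)")               # one inline CSS declaration
ZERO_SIZE = re.compile(r"0+(\.0+)?(px|pt|em|rem|%)?")
NAMED = {"white": "#ffffff", "black": "#000000"}            # only these names are mapped

def norm_color(value):
    """Normalise colour names and #rgb shorthand to #rrggbb."""
    return re.sub(r"^#(.)(.)(.)$", r"#\1\1\2\2\3\3", NAMED.get(value, value))

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        # Frame per open element: (tag, text colour, background, font size is zero).
        self.stack = [("#root", "#000000", "#ffffff", False)]  # assumed black on white
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        _, fg, bg, zero = self.stack[-1]                       # inherit from the parent
        css = {k: v.strip() for k, v in DECL.findall((dict(attrs).get("style") or "").lower())}
        fg = norm_color(css.get("color", fg))
        bg = norm_color(css.get("background-color", bg))
        if "font-size" in css:
            zero = bool(ZERO_SIZE.fullmatch(css["font-size"]))
        self.stack.append((tag, fg, bg, zero))

    def handle_endtag(self, tag):
        open_at = [i for i, frame in enumerate(self.stack) if i and frame[0] == tag]
        if open_at:                                            # ignore stray end tags
            del self.stack[open_at[-1]:]

    def handle_data(self, data):
        _, fg, bg, zero = self.stack[-1]
        if data.strip() and (zero or fg == bg):
            self.findings.append(("font-size:0" if zero else "colour=background", data.strip()))

def find_hidden_text(html):
    """Return [(reason, text)] for text a reader cannot see but a summarizer would read."""
    finder = HiddenTextFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample; the hidden strings are placeholders, not real payloads.
SAMPLE = ('<p>Planning notes attached.</p><span style="font-size:0px">PLACEHOLDER-1</span>'
          '<div style="color:#FFF;background-color:white">PLACEHOLDER-2</div>')
```

Running `find_hidden_text(SAMPLE)` returns the two placeholder strings with the reason each was flagged; styles set in `<style>` blocks or by other hiding methods are outside what this sketch checks.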

Why This Scam Is Especially Dangerous:

This attack is stealthy. Since the emails don’t contain visible phishing links or attachments, they often slip past Gmail’s traditional security filters. And because the warnings appear to come from Gemini—a trusted AI tool—many users believe them.

What the Experts Are Saying:

Cybersecurity researchers from Mozilla’s 0Din bounty team, including Marco Figueroa, discovered the threat. They warn users not to treat Gemini’s summaries as official security notices.

Google has confirmed the issue and is working on countermeasures. While some defenses like red-teaming and hidden-text filters are being tested, a full fix hasn’t been rolled out yet.

What You Should Do Right Now:

  • Avoid using Gemini’s “Summarize Email” feature for any message that seems suspicious or urgent.
  • Manually review the content of any email claiming there’s a problem with your account.
  • Never call numbers provided in email summaries—especially if the email looks off.
  • Report suspicious emails using Gmail’s built-in phishing report feature.
  • Enable two-factor authentication (2FA) or switch to passkeys for added account security.

AI Can Be Helpful—But Stay Cautious:

This Gemini-Gmail scam is a reminder that even smart tools can be manipulated. Until Google rolls out a permanent fix, it’s up to users to stay alert and think twice before acting on AI-generated messages. Trust your instincts—and not just the AI.
