Image courtesy Canva

Google has issued a warning to its 1.8 billion users about a new AI-based scam targeting accounts through its AI assistant, Gemini. Hackers send emails with hidden messages that trick Gemini into revealing users’ passwords without their knowledge.

This scam is unique because it uses AI against itself, with no need for users to click links. Instead, Gemini may alert users that their account is at risk. Scammers hide malicious text in emails using tiny, white font to avoid detection but still trigger Gemini. Users are advised to disable Gemini features in Google Workspace settings by turning off “Smart Features” and unlinking Gemini from Gmail and other apps. Google recently highlighted this growing threat, called “indirect prompt injection,” where hidden commands in emails or documents manipulate AI to leak data.

To combat this, Google has strengthened Gemini’s security, added machine learning to detect harmful instructions, and implemented system-wide safeguards, making attacks harder and more costly for hackers.