Security researchers have discovered a new way hackers can manipulate Google Gemini for Workspace to display fake warnings in email summaries, without using any links or attachments.
The attack uses a technique called indirect prompt injection, where hidden instructions are placed inside the body of an email using HTML and CSS. These instructions are made invisible in Gmail by setting the font size to zero and the text color to white. While the user doesn’t see anything unusual, Gemini reads the hidden text when asked to summarize the email.
As a result, Gemini might generate a summary saying something like, “Your Gmail password has been compromised. Please call this number immediately,” and include a fake support phone number, tricking users into calling attackers.
This vulnerability was reported by Marco Figueroa, GenAI Bug Bounty Programs Manager at Mozilla, through the company’s 0din AI bug bounty program. Since the email has no links or attachments, it can easily bypass filters and land in the recipient’s inbox.
Google responded to the report, saying they have not seen this method used in real attacks yet, but they are actively improving Gemini’s defenses. The company is using red-teaming and new filters to detect hidden prompts and reduce the risk of misuse.
How to Stay Safe:
- Don’t rely only on Gemini summaries for security alerts.
- Be cautious of summaries that mention passwords or urgent messages.
- Security teams should monitor Gemini summaries for hidden threats.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
