Gmail users are advised to remain vigilant as a new deceptive scam technique has emerged within email messages. Hackers have found a way to manipulate Google’s advanced AI Gemini service to insert fake messages into the inbox when users access the convenient summaries feature.

For those unfamiliar, Google now offers Gmail users a quick email summary using smart Gemini AI, condensing lengthy messages into easily digestible bullet points for quicker comprehension.

While this feature is a useful enhancement, it appears to harbor a hidden risk. According to reports by Bleeping Computer, cybercriminals can exploit this system to display additional text, such as adding a fraudulent warning at the end of the email summary.

One example includes a warning message claiming the detection of a compromised Gmail password, instructing users to call a provided phone number immediately with a reference code.

Mozilla experts have corroborated the potential vulnerability in the Gemini email summary feature, enabling malicious actors to embed hidden prompts that surface when messages are opened.

Google has acknowledged the flaw and assured users of its ongoing efforts to enhance platform security. A Google spokesperson informed BleepingComputer that they are continually strengthening their defenses through red-teaming exercises to combat adversarial attacks.

The tech giant from the US stated that there have been no reported user attacks using this method, and there is no widespread threat detected. However, this incident underscores the persistence of criminals in infiltrating email systems, emphasizing the need for heightened awareness.

Users are reminded that Google typically does not initiate contact with them, and if they suspect a compromised password, they should directly access Google’s official platform to take corrective measures.

It is crucial to exercise caution, refrain from trusting unsolicited emails or AI summaries, and avoid contacting any numbers unless they are verified as official hotlines.