
Google Gemini Tricked Into Showing Phishing Message Hidden in Email


A researcher has found that Google Gemini for Workspace is affected by a prompt injection vulnerability that can be exploited to trick the AI assistant into displaying a phishing message.

The weakness was found by Marco Figueroa and reported through Mozilla’s 0Din bug bounty program, which focuses on gen-AI vulnerabilities.

The researcher’s hack involves sending the targeted user an email that, in addition to a benign lure text, contains a phishing message that is written with white font on a white background, making it invisible to the target.

This phishing message, which needs to be wrapped inside tags, instructs Gemini to include the message at the end of its response.

When the target uses Gemini’s ‘summarize this email’ functionality on the attacker’s email, Gemini displays the phishing message alongside the summary of the text the victim can actually see. That is ...
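As an added defensive example (not code from the article, SecurityWeek, Google or the researcher), the following Python pre-filter separates the text a human would see from text hidden by inline CSS before an email body is handed to a summarizer, and returns the hidden fragments as evidence for logging or alerting. The sample email, the `is_hidden` heuristics and the `sanitize_email_html` name are my own assumptions.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns that hide text from a human reader while a text
# extractor (or an LLM summarizer) still sees it. White foreground is treated
# as hidden regardless of background: conservative on purpose.
HIDING = [
    re.compile(r"display\s*:\s*none"),
    re.compile(r"visibility\s*:\s*hidden"),
    re.compile(r"font-size\s*:\s*0(px|pt|em|%)?(?![\w.])"),
    re.compile(r"(?<![-\w])color\s*:\s*(#fff(fff)?\b|white\b)"),
]
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no closing tag


def is_hidden(style: str) -> bool:
    s = style.lower()
    return any(p.search(s) for p in HIDING)


class HiddenTextFilter(HTMLParser):
    """Separate text a human would see from text hidden by inline CSS."""
    def __init__(self):
        super().__init__()
        self.depth = 0                 # nesting depth inside a hidden element
        self.visible, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        if self.depth or is_hidden(style):
            self.depth += 1            # children of a hidden element are hidden too
    def handle_endtag(self, tag):
        if tag not in VOID and self.depth:
            self.depth -= 1
    def handle_data(self, data):
        (self.hidden if self.depth else self.visible).append(data.strip())


def sanitize_email_html(html: str):
    """Return (visible_text, hidden_text); only visible_text should reach the summarizer."""
    p = HiddenTextFilter()
    p.feed(html)
    p.close()
    return " ".join(filter(None, p.visible)), " ".join(filter(None, p.hidden))


# Constructed sample: a benign lure plus two invisible fragments (assumption).
SAMPLE = (
    "<html><body><p>Hi, please see the attached Q3 report.</p>"
    '<p style="color:#ffffff;font-size:1px">[constructed hidden text aimed at '
    "the summarizer]</p>"
    '<div style="display:none">[constructed hidden text 2]</div></body></html>'
)
```

Feeding only the `visible_text` half to the assistant removes the invisible instructions from its context, and a non-empty `hidden_text` is a useful signal to alert on.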


Copyright of this story solely belongs to securityweek.