- Researchers warn that Gemini offers unique opportunities for fraud in workspace
- AI tools can be cheated to show fake security alerts
- Businesses should make sure that the hidden text is not taken by AI
Cyber criminals have found a creative new way to misuse Google’s Generative Artificial Intelligence (GenI) to steal people’s Gmail accounts.
Google introduces Gemini, who was added to her AI-powered Chat Boat Assistant some time ago in her workplace suit, and Gemini offers a summary of an upcoming emails-so when a person receives an email, with a different hand, with a handful of things.
Experts, however, have warned that Gmail accounts also launch the so-called “quick injection” attacks-so if the upcoming email message contains a hidden gest for Gemini, it can be hanged in the pan.
You can like
Do you have gymnasium phishing for your password?
According to security researcher Marco Figero, the email provider is now sensitive.
Using HTML and CSS, threatening actors can add a gesture for Gemini, its font size is set to zero, and its color turns white. Therefore, the affected person will not see it, but Gemini will follow it. If this gesture shows a fishing message to Gemini, it will only do it, and since this message will come from a reliable source, it increases the chances of success.
Fagero showed how a malicious gesture could inform the affected person that his email account was compromised, and Google needs to be “call” on the phone number displayed in the message to solve the problem.
Companies to prevent future quick injection attacks, companies should make sure that their email clients remove, neutralize, or ignore the materials to be hidden in the body’s text. In addition, they may include a post processing filter that scans the inbox for “quick messages”, URL or phone numbers.
Finally, businesses should educate their employees that the summary provided by the Gemini Toll should not be a substitute for security alerts.
By Blipling computer
