Phishing For Gemini


A security researcher, Marco Figueroa, reported via Mozilla’s 0DIN bug bounty program that Google Gemini for Workspace is vulnerable to a clever form of invisible phishing known as indirect prompt injection. By embedding hidden HTML/CSS instructions tags styled with white text or zero font size—attackers trick Gemini’s “Summarize this email” tool into displaying fabricated security alerts. These alerts might falsely warn of compromised Gmail passwords and urge users to call scam phone numbers or visit phishing sites, all without any malicious links or attachments.

Source and image: https://0din.ai/blog/phishing-for-gemini

Comments