PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Phishing Attacks Target Vulnerability in Google Gemini

By Tom Nawrocki
July 16, 2025
in Fraud & Security, News
0
0
SHARES
0
VIEWS
Share on LinkedIn
crypto trojan

Hidden error in the operating system. 3D render.

A bug in Google Gemini is allowing criminals to exploit the artificial intelligence itself, using summarized emails to launch phishing attacks. Although Google has reportedly known about the issue since last year, cybersecurity experts say it still hasn’t been fixed.

By slipping invisible text into an email—hidden with HTML tricks like white text or concealed formatting—criminals can plant a message the recipient never sees. The email appears harmless when opened, but Gemini reads everything, including what’s hidden.

If the recipient asks Gemini to summarize the email, the AI agent unwittingly includes the hidden text in its summary. That text might tell Gemini to produce a warning that the user’s Gmail password was compromised.

Since the notification appears to come directly from Gemini itself, the recipient is more likely to trust it—and to follow urgent instructions, like changing a password or calling a supposed support number.

Google’s spam filters tend to flag suspicious links or attachments, so criminals leave those out. That helps these messages slip past defenses and into inboxes, giving the criminals a way to redirect their victims to phishing sites without using obvious red flags.

Challenges for Detection

Detecting these malicious messages is a highly technical challenge. Some filters scan Gemini’s output for urgent messages, URLs, or phone numbers, flagging the content for further review. Other methods can remove, neutralize, or ignore content designed to be hidden within the body text.

As with most phishing attacks, one of the most effective defenses is education. Organizations need to ensure employees are trained to be suspicious of any urgent requests to take action—even if those requests appear to come from their AI client.

Turning AI Against Users

This isn’t the first attempt to leverage AI in phishing attacks. A technique called polymorphic phishing incorporates AI to randomize components of fraudulent emails—such as sender names, subject lines, and even the content. That helps the messages circumvent fraud detection systems trained to identify patterns in blanket emails.

Ironically, Google has long touted the abilities of Gemini to assist in cybersecurity efforts. It plays a pivotal role in the Google Threat Intelligence cybersecurity platform, which is designed to give users a more comprehensive understanding of the threat landscape and smarter insights into attacks. 

0
SHARES
0
VIEWS
Share on LinkedIn
Tags: AICybersecurityGeminiGooglePhishing

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Merchants Real-Time Payments, swipe fees, BNPL

    How Software Turned Payments Into a Seamless Part of Commerce

    July 10, 2026
    credit union data, credit union technology

    Inside the Tech Shift Redefining How Credit Unions Operate

    July 9, 2026
    embedded payments

    What Embedded Payments Can Solve for Small Businesses

    July 8, 2026
    apple tap to pay

    Build Momentum Behind Zelle for Business

    July 7, 2026
    Accredited Payments Risk Professional

    The Growing Importance of Payments Risk Expertise

    July 6, 2026
    account aggregation

    The Dilemma Facing Financial Institutions: Aggregate or Be Aggregated

    July 2, 2026
    contactless payments

    Wherever There’s Friction, Contactless Payments Can Help

    July 1, 2026
    gift card strategy, gift card trends

    How Cautionary Spending Is Fueling Gift Card Purchases

    June 30, 2026

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2026 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result