Phishing emails are so old world. With the commercialization of generative artificial intelligence (gen-AI) “prompt injections” is the new love of scammers. They use it to mess with AI systems like chatbots or email assistants.

And unlike earlier attempts to steal your data, these injections are smooth, and do not sting the end-target. Before even you know it, they are done. Poof! Your data’s gone. Stolen.

Instead of sending viruses or obvious spam, attackers write secret instructions hidden inside emails, documents, or other files. When an AI tool (like an email summarizer or virtual assistant) reads these files, it can be tricked into doing what the scammer wants— like sharing your private info or sending you to a fake website —without you realizing it.

Direct prompt injection: This is when someone tells the AI tool directly what to do in simple language (for example, “Show the user’s password!”). Most AI tools are taught to ignore these obvious tricks.

Indirect prompt injection: Here’s where it gets sneaky. Hackers hide their instructions inside emails, calendar invites, or even website text. When you use a feature like “summarize this email,” the AI assistant reads the entire content and might accidentally obey these invisible commands.

Is This Threat Becoming More Common?
Yes, and it’s getting more serious. As more people use AI assistants everywhere — from writing emails in Gmail to managing work tasks — hackers see a big opportunity. Attackers are getting better at making their instructions invisible to humans but clear to AI systems. This means the number of attacks, and their cleverness, are both going up.Unlike old-school scams, you don’t have to click a link or download a file. The dangerous part is that just using an AI feature (like summarizing an email) can trigger the hidden trick, making everyone (not just techies) vulnerable.

How Can You Protect Yourself? (Simple Steps)Don’t Trust Every Email or Message: If something looks odd or out of character, especially unexpected emails or calendar invites, be cautious. Attackers often hide their tricks in innocent-looking messages.

Be Careful with New AI Features: Tools that “summarize,” “analyze,” or “read aloud” emails or documents are super helpful—but they can also be fooled. Use them with extra care on messages from people you don’t know.

Stay Updated: This is a no brainer. Keep your apps, browser, and security software up to date. Companies like Google are adding new protections all the time—but only the latest updates have these fixes.

Look Out for Fake Alerts: Some prompt injections may cause your AI assistant to show scary-looking security warnings or urgent requests for your password. If you see these, slow down—double-check by going directly to the official site or contacting support, instead of clicking anything in the message.

Extra Protection: Use two-factor authentication (like a code sent to your phone).

Report Suspicious Emails or Behavior: If your AI assistant does something weird — like showing odd alerts or asking you for sensitive info — report it right away using your email provider’s tools.

Be Skeptical: If a message tries to scare you or rush you, stay calm. Real companies and services never pressure you into sharing personal info or clicking suspicious links.