For several months, a phishing scam has been tricking Gmail users into sharing their passwords. Recently, the security company WordFence released an alert about this scam.

The attack starts when the attacker sends an email to the victim’s Gmail account. The email address of the “sender” usually belongs to someone that the victim knows; however, the sender’s account has already been compromised by the attacker. The email contains what appears to be an image for the victim to click on.

When the victim clicks on the “image”, they are taken to a new tab which prompts for their Gmail account information. Once the victim signs in on this page, their account is compromised. The attacker then has access to the victim’s emails and personal documents. Once the attacker has access to the victim’s account, they will use this account to send the scam to more victims.

What makes this scam “highly effective” is that it is uses email addresses of people that the victim knows. Also, the fake Gmail sign-in page appears to be legitimate, containing the Google logo and normal entry fields for username and password.

In order to prevent yourself from becoming a victim of this scam, it is important to note the following:

• Although the false attachment contains “accounts.google.com” in its URL, it also has “data:text/htm” at the beginning, which is not found on a normal Gmail URL.
• When signing into any service, you should check the browser bar to verify the protocol and hostname. The URL should begin with “https:” and there should be a green lock icon next to the URL.
• Gmail users can also enable two-factor authentication or “2-step verification” to make their account more secure.

For more information: Don’t fall for this ‘highly effective’ Gmail scam and WordFence Article