Gmail phishing scam is even fooling tech-savvy users

If you use Gmail, you should be aware of a new phishing scam that’s fooling even some of the most tech-savvy users. According to security expert Mark Maunder, the CEO of a WordPress security plugin called Wordfence, the hacker will first send you an email that includes an attachment. When you click on it, you’re directed to what looks like a Gmail login page, according to Fox 59. However, it’s a fake. If you enter your email and password, you’re giving your login credentials to hackers who then have complete access to your emails.

Sounds easy enough to avoid, right? Not exactly—the email looks like it comes from one of your contacts. It may even have a subject line that looks authentic. The hackers, who’ve likely compromised your contact’s account, will even rename the attachment to something that appears plausible.

Once your account is compromised, scammers will use your contacts to send more emails in attempts to obtain new login credentials. Even the URL redirecting you to login to your Google account looks authentic: