MIAMI – A new phishing scam involving Gmail is so well done, it's even fooling tech experts.
What makes this scheme convincing is that users are tricked into believing a fake email is legitimate because it's from one of their own contacts with a familiar subject line.
INews reports the targets open what they feel is a credible email, which includes an attachment. Once the user clicks on the attachment, a new window opens that looks almost exactly like the Gmail login page.
But it's a fake and if a user enters their email address and password, the hackers have all the information they need.
The hackers then look in your own contacts to search for future targets, running the same scheme with someone you know.
Forbes reports the attachment is used because if the hackers sent users to a different website, it may be blocked by Google's SafeBrowsing system.
Forbes says for users to protect themselves, they should enable Gmail's two-factor authentication. The report also says to look for the lock icon next to the address bar.