New Gmail phishing scam is fooling veteran users

The way the phishing attack works is that an attacker sends an email to a user's Gmail account.

The email, which will likely include an attachment, can come from someone you know but whose account has already been compromised.

When you click on the attachment expecting a preview, the attachment opens in another tab, and asks for your login-credentials.

Do NOT provide your credentials.

Once an account is compromised, the attackers gain complete access to all the emails a user has sent and received.

The attackers then launch secondary attacks on the user's Gmail contacts through fake emails using an attachment and a subject line the user has previously used.

They can also compromise a host of other services which a user accesses through Gmail.

The best way to secure your account is to enable two-factor authentication in Gmail which prevents attackers from accessing your account without the second factor (usually your phone or a USB cryptographic key).

You can check for, and force-close, unauthorized login activity by clicking "Details" at the bottom right corner of Gmail (from PCs).

Change your password immediately if you feel you've been hacked.