A new phishing attack is using a deceptive measure to draw information from Gmail users.
The scam sends emails to a hacked user's contacts, Yahoo! Tech reported. The email contains an attachment. When the attachment is opened, a new tab opens with a page that replicates the Gmail sign-in page. If the victim types in log-in information, the data goes straight to the hacker.
If the hacker gets the data, the hacker can look through private emails or download information from the account.
According to Yahoo!, the beginning of the web address looks different for the hacked account and there also is a hidden script to watch out for before typing in Gmail information.
The hack is designed to get data from even sophisticated email users.
Google recommends users have a two-step sign-in process, according to a statement given to WordPress security plugin creator Wordfence.
“We’re aware of this issue and continue to strengthen our defenses against it," Google said in the statement. "We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”