Gmail users need to be on alert for an email that looks like an email from a friend but which is actually a savvy phishing scheme that not only your grandmother will fall for. The email contains a convincing looking attachment and a subject line taken from that friend's account — which has already been hacked — and once a user clicks on it, it opens up a new tab that looks like a standard Gmail login screen, only it isn't. The minute you enter your login information, it's collected by the hackers — thought to be in Russia — who then quickly use it to access all of your email and potentially download a host of compromising data.

The scheme first appeared via a university sysadmin on Hacker News a week ago, saying that many of their student and faculty accounts were compromised over the holidays due to this.

KRON 4 picks up the news via this Knoxville ABC affiliate, who spoke to the CEO of Wordpress security plugin Wordfence, Mark Maunder. Maunder explains, "The attackers signing into your account happens very quickly. It may be automated or they may have a team standing by to process accounts as they are compromised. Once they have access to your account, the attacker also has full access to all your emails including sent and received at this point and may download the whole lot."

And on and on it goes, from your account to everyone in your address book.

According to the UK's iNews, this particular scheme has been around about a year, but has recently been gaining traction.

It's a sophisticated phishing technique, says Maunder, using something called a ‘data URL’ that you can check for in the location bar of any new tab that might open up, in this program or elsewhere. He suggests never logging in to any page that has similar extra text to the right of a URL, as shown below. You can also check in your browser to see if this URL has been verified, or if it has a padlock next to it.

data2.png

Also, here's how to check and see if you're in the process of being hacked, though it may not be possible to know if your account has already been compromised, via KRON 4:

You can also check login activity on your Gmail account. Just open Gmail, click on Details (Very small in the bottom right hand corner of your screen). This will show you all currently active sessions as well as your recent login history.
If you see active logins from unknown sources, you can force close them. If you see any logins in your history from places you don’t know, you may have been hacked.

If you've clicked on any funny attachments like this lately, it's time to change your password, warn your friends, and check your credit report.