Researchers at WordFence, which builds security tools for the blog site WordPress, have warned users about the new phishing attack. The clever trick is so difficult to detect that experts have been falling for it.
Here's how it works:
It should be noted that the genuine account sign-in page will show ‘accounts.google.com’ in the address, and you won't find anything in front of it other than ‘https://’ and the lock symbol.
The attackers will quickly log into your account and use actual attachments along with similar subject lines to send the phishing email on to people in your contact list. That's one of the reasons why you will find the email genuine and familiar.
Needless to say, the attacker has full access to your emails and can download whatever he wants. Your Gmail account may also give him control over your other services linked to Gmail.
Do not fall for this trick! Always safeguard your accounts with two-factor authentication and watch out for that URL.
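The address check described above, written as a strict URL validator. This is an added example, not code from WordFence or the original article; the function name checkSignInUrl, the /signin path and the example.test hosts in the sample inputs are constructed for illustration.

```javascript
// Added example: accept a URL only if it is exactly the genuine sign-in origin.
const GENUINE_HOST = 'accounts.google.com';

function checkSignInUrl(raw) {
  const text = String(raw).trim();
  // Nothing may precede "https://": the address itself must start with it.
  if (!text.toLowerCase().startsWith('https://')) {
    return { ok: false, reason: 'does not start with https://' };
  }
  let url;
  try {
    url = new URL(text);
  } catch (err) {
    return { ok: false, reason: 'not a parseable URL' };
  }
  // Text before "@" is userinfo, not the host, even if it looks like one.
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'userinfo present before host' };
  }
  // Exact match only: a substring or prefix match would accept lookalikes.
  if (url.hostname !== GENUINE_HOST) {
    return { ok: false, reason: 'host is ' + url.hostname };
  }
  if (url.port !== '') {
    return { ok: false, reason: 'unexpected port ' + url.port };
  }
  return { ok: true, reason: 'genuine sign-in origin' };
}

// Constructed sample inputs (not taken from the original article).
const samples = [
  'https://accounts.google.com/signin',
  'other-scheme:https://accounts.google.com/signin',
  'http://accounts.google.com/signin',
  'https://accounts.google.com.login.example.test/signin',
  'https://accounts.google.com@login.example.test/signin',
];
for (const s of samples) {
  const r = checkSignInUrl(s);
  console.log((r.ok ? 'OK     ' : 'REJECT ') + s + ' -> ' + r.reason);
}
```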