Tech Times reported that the scam involves a hacker who has access to a user’s account sending malicious emails with PDF attachments to people in the victim’s contacts.
Because the emails are sent from a real account, the unsuspecting person opens the attachment, which opens in a new tab as a preview.
The new tab, which contains “accounts.google.com” in the address bar, prompts the user to login.
Once the user puts in his or her credentials, the hacker has access to the information.
There are a couple of ways to prevent falling victim to the hack, according to experts.
“Make sure there is nothing before the host name ‘accounts.google.com’ other than ‘https://’ and the lock symbol,” Maunder said. “You should also take special note of the green color and lock symbol that appears on the left.”
Two-step authentication is a simple step that users can take to prevent such a hack. The process involves a code being sent to the user’s phone for further authentication before someone can gain access to a Gmail account.