Date: 2017-01-18

(WBAY) – A “highly effective” scam is targeting Gmail users, and even tech experts are getting fooled.

The cyber security blog Wordfence reported on the scam last week.

Wordfence says the phishing attack arrives as an email appearing to be from someone you know. In reality, the email is coming from a hacked account.

The email will include an image of an attachment you’ll recognize, so it appears to be safe. Once you click on the attachment, it will open a new tab for a fake “accounts.google.com” page and prompt you to sign in to your Google account again.

Once you enter your user name and password at the fake site, the hacker takes over your account.

Google told Wordfence writer Mark Maunder that the company is aware of the issue and is working to strengthen defenses against it.

So what can you do?

Maunder says to look closely at your browser’s location bar. That’s the place where you type in a website address. Don’t click on links that have extra text ahead of the address, such as “data:text/html.”
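Maunder’s location-bar check, written out as code. This JavaScript is an added example, not code from Wordfence or Google; the function name classifyLoginUrl and the sample URLs are constructed for illustration, and the check also rejects lookalike host names, which goes a step beyond the “data:text/html” case described here.

```javascript
// Added example: decide whether the text in the location bar really is
// Google's sign-in origin before a password is typed into the page.
const GENUINE_HOST = "accounts.google.com";

function classifyLoginUrl(raw) {
  const text = String(raw).trim();
  let url;
  try {
    url = new URL(text); // WHATWG URL parser, same rules the browser uses
  } catch (err) {
    return { verdict: "reject", reason: "not a parsable absolute URL" };
  }
  // The case described above: the whole page is carried inside the URL,
  // so the Google host name is only text that follows the "data:" prefix.
  if (url.protocol === "data:") {
    const mentionsGoogle = text.toLowerCase().includes(GENUINE_HOST);
    return {
      verdict: "reject",
      reason: mentionsGoogle
        ? "data: URI that only contains the Google host name as text"
        : "data: URI, not a web address",
    };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: `scheme is ${url.protocol}, not https:` };
  }
  // Exact match on the parsed host; prefixes, suffixes and user-info
  // tricks all end up with a different hostname here.
  if (url.hostname === GENUINE_HOST) {
    return { verdict: "genuine", reason: "https origin is accounts.google.com" };
  }
  return { verdict: "reject", reason: `host is ${url.hostname}` };
}

// Constructed sample inputs (not taken from the original report).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];

for (const sample of SAMPLES) {
  const { verdict, reason } = classifyLoginUrl(sample);
  console.log(`${verdict.padEnd(8)} ${sample}  (${reason})`);
}
```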

Maunder put together a detailed description of everything you need to know about this phishing attack here: https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

If you suspect someone has accessed your account, use Google’s last account activity feature. Click here to see if someone other than yourself has tried to sign in.

This is the closest I've ever come to falling for a Gmail phishing attack. If it hadn't been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh — Tom Scott (@tomscott) December 23, 2016