Most of us are probably suspicious enough to spot a fake email from a vendor like PayPal or Amazon, looking to phish for login or payment information, but would you be able to discern what’s real and what’s fabricated if the message came from a known contact? Family? Friend?

Well, that’s exactly the scam that’s hoodwinking Gmail users these days, according to Boing Boing.

You get an email from a friend in your contacts (who has already been compromised by the scheme) with an attachment for you to click on – some might even look like replies to previous email chains. Once you click on the attachment it will ask you to sign in to Gmail again in order to open it.

Now, you may think that last part would tip you off, but the URL in the address bar is “accounts.google.com,” which would likely assuage your concerns. And so you sign in again.

And that’s when they get you.


Now that they have your login information they can do the same thing to your friends and family using your email address, and so on. It’s a sophisticated, well-orchestrated plan that’s earning hackers access to lots and lots of Gmail accounts, so we thought everyone could use a heads up.

You shouldn’t ever have to log in to Google again to open a simple attachment from a friend.

The more you know.


h/t: Mentalfloss