Gmail users, beware.
Software engineering company Wordfence is sounding the alarm on a new phishing scam that is targeting Gmail accounts.
Here’s what’s reportedly happening, according to the company's blog:
First, you get an email from someone you know whose account has been compromised, and there’s an attachment. The scary thing? That attachment may look familiar, or seemingly something that person may normally send.
When you click on the attachment, Wordfence reports users are taken to a new tab with what looks like the Gmail log-in page.
Once users log in again, hackers have access to the account.
A couple of ways to help protect yourself:
- Enable two-step verification for your Google account.
- Keep an eye on those URLs. If you notice something strange before that "https" and there’s no lock symbol, be wary.
- Another thing, if you’re already logged in and go to open an attachment, you shouldn’t have to log in again in a separate tab.
