A new phishing technique for several email services, including Gmail, is proving to be highly effective and has some users worried that their accounts are being compromised.
Mark Maunder, the CEO of Wordfence – the security plug in for WordPress –says the attacker sends an email to your account that may come from an address that has already been hacked.
When you try to view it it'll send you to another tab with the fake login screen. Once you put in your name and password, your account is immediately stolen and a similar message is sent to everyone on your contacts list..
To protect yourself, users are told to check the URL of the website - if it looks wrong, close out the window.
If you do log in and get caught, change your password as soon as you can – something security experts recommend doing every few months anyway.
You can check the login activity of your Gmail account if you are worried. To do so, open Gmail and click on “Details” in the bottom right hand corner of your screen. This shows all recent login history and currently active sessions.
If you see active logins from some unknown source, you can force close them. If you see any logins from places you don’t know, your account may be compromised.
