An Insidious New Gmail Phishing Attack... (from Jacob Siegal/Yahoo!)

​A new phishing technique is fooling internet users into giving hackers access to their Gmail accounts. According to WordPress security plugin creator Wordfence, the way that the attack works is that hackers send emails to the contacts of compromised accounts containing a seemingly innocuous attachment. When the user clicks the attachment, a new tab opens in the browser that looks nearly identical to the Google sign-in page. If the user inputs their log-in information, it goes straight to the attacker.

On Hacker News, a commenter describes an incident that occurred at his school last year in which several employees and students were tricked into handing over their account information to attackers after receiving compromised emails and opening the attachments, thus perpetuating the cycle: (Read more...)