A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.
This attack is currently being used to target Gmail customers and is also targeting other services.
The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.
You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there so you sign in again but it was a fake login screen and now the attackers have your creds.
You can protect yourself from this by always checking the URL bar all the way past the white space to the right, you would see additional URI looking code that tips you off. You can also of course enable dual factor authentication using a Yubikey or an SMS message to your cell phone.