An effective new phishing attack Attack.Phishing is hitting Attack.Phishing Gmail users and tricking Attack.Phishing many into inputing their credentials into a fake login page . The phishers start Attack.Phishing by compromising a Gmail account , then they rifle through the emails the user has recently received Attack.Phishing . After finding one with an attachment , they create an image ( screenshot ) of it and include it in a reply to the sender . They use the same or similar subject line for the email , to invoke recognition and automatic trust . “ You click on the image , expecting Gmail to give you a preview of the attachment . Instead , a new tab opens up and you are prompted by Gmail to sign in again , ” WordFence CEO Mark Maunder warns . The phishing page is a good copy of Gmail ’ s login page , and its URL contains the accounts.google.com subdomain , which is enough to fool Attack.Phishing many into believing that they are on a legitimate Google page . “ This phishing technique Attack.Phishing uses something called a ‘ data URI ’ to include a complete file in the browser location bar . When you glance up at the browser location bar and see ‘ data : text/html… .. ’ that is actually a very long string of text , ” Maunder explained .