This scary phishing scheme can fool even the most diligent of people

Security experts are constantly warning computer and mobile users that their information is always at risk. Now, there’s word of a highly effective phishing scam that’s been tricking Google Gmail customers into divulging their login credentials. It’s a trick that could affect you — and put your personal and financial information at risk — even if you use other email services besides Google, as well. That’s why it’s so important to know how it works. In short, here’s how the scam plays out:

First, you log in to your Gmail account and see an email from a friend or associate that you regularly communicate with. As far as you can tell, this is a legitimate email from a friend or associate. Inside the email is an attachment that your contact asks you to download. Usually, the title of the email is correctly spelled and something that you’ve discussed before, so again, no red flags at this point. You then download the attachment, at which point another window pops up and asks you to log back into your Google account. Aha!

From there, you fill in your username and password and then hit enter, only to be taken back to the very same screen. Unfortunately, you’ve just provided cyber criminals with free access to your Gmail account, and who knows what else, depending on what kind of information you store online. Yikes!

The takeaway: Regardless of which email service you use, think twice about opening any email with an attachment— even from your closest friend or a family member. Always ask the sender — by calling them or sending them a text — if they actually sent you an email with an attached file. It’s a pain, but well worth it in the end.