An important heads-up to anyone using Gmail (particularly on the domain itself):

Here's how the swindle works. The attacker, usually disguised as a trusted contact, sends a booby-trapped email to a prospective victim. The email appears to carry a regular attachment, say a PDF document. Nothing seems out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. And this is where the scam gets really devious.

Google is aware of the problem and is investigating it further. As always, it's very important to get used to protecting yourself online when clicking on links in emails or ads, which may be malicious: always keep an eye on the address bar in your web browser, and check that the now-standard lock symbol appears before you enter usernames or passwords. It is an equally good idea to check the root domain listed in the address bar (i.e., the core domain listed in the URL, like [domain].com).
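The address-bar check described above can also be done in code, for instance by a mail filter or a link-preview tool. This is an added example, not part of the original post; the function name `checkLoginLink`, the trusted root `google.com` and the sample URLs are assumptions made for illustration.

```javascript
// Added example: decide whether a link really lands on an expected root domain.
// TRUSTED_ROOTS is an assumption; list the domains you actually sign in to.
const TRUSTED_ROOTS = ["google.com"];

function checkLoginLink(href, trustedRoots = TRUSTED_ROOTS) {
  let url;
  try {
    // The WHATWG URL parser lowercases the host and converts
    // internationalized names to their ASCII (xn--) form.
    url = new URL(href);
  } catch (e) {
    return { ok: false, reason: "not an absolute URL" };
  }
  // Only https: pages get the lock symbol in the address bar.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is " + url.protocol };
  }
  // Anything before '@' is user info, not the host the browser connects to.
  if (url.username || url.password) {
    return { ok: false, reason: "user info present; real host is " + url.hostname };
  }
  // Compare the end of the host name, not any substring: the root domain
  // is the right-most part, so "google.com.example.net" belongs to example.net.
  const host = url.hostname.replace(/\.$/, "");
  const trusted = trustedRoots.some(
    (root) => host === root || host.endsWith("." + root)
  );
  return trusted
    ? { ok: true, reason: "host " + host + " is under a trusted root" }
    : { ok: false, reason: "host " + host + " is outside the trusted roots" };
}

// Constructed sample links (example.net is a reserved documentation domain).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "https://accounts.google.com.login.example.net/signin",
  "https://accounts.google.com@login.example.net/",
  "http://accounts.google.com/signin",
  "https://notgoogle.com/",
];

for (const link of SAMPLES) {
  const result = checkLoginLink(link);
  console.log((result.ok ? "OK    " : "REJECT") + " " + link + " (" + result.reason + ")");
}
```

A substring test such as "does the link contain google.com" would accept three of the four rejected samples, which is why the comparison is made on the parsed host name.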