A new Gmail phishing technique has been gaining popularity over the last several weeks. This phishing attempt is extremely well crafted causing many to fall prey to its tactics and divulge their Gmail password.
This particular phishing attempt may likely come from someone you know and even include an attachment that may seem appropriate as the senders e-mail account has likely been compromised as well.
When the attachment is clicked on, you are taken to what appears to be a Google login page, and even a quick glance at the URL located at the top of your browser shows a somewhat appropriate:
This particular phishing attempt uses some technical trickery and actually embeds some additional data before the web address (URL) and after. Notice the “data:text/html,” preceding the proper URL for Google login? That little piece of information changes how this behaves in your browser.
So, as always, the URL for the webpage is a great indicator that something is wrong. Verifying that the URL starts with an appropriate protocol (HTTPS) and an appropriate hostname can help protect against this threat. Be aware, that many services on the Internet will embed additional data after the proper URL which helps to direct you to specific content or identify your current session to them, but there should never be anything before the protocol header (HTTP or HTTPS).
If you are interested in a more technical description of this particular phishing attempt or for updates, I recommend the following site: https://www.wordfence.com/