Staying clear of phishing schemes is usually a piece of cake, as you mostly need to ignore emails from Nigerian millionaires or ads for enlargement pills and weight-loss products that suddenly appear in your inbox. However, there's a new phishing scam that targets Gmail users by duping them with emails that look a lot more personal and are sent from legitimate addresses in their contact lists. Unfortunately, Gmail's regular phishing defense is useless against this scheme.
As soon as it compromises an account, this phishing scheme sends a custom-tailored email with a plausible subject to every person in the victim's contact list. The email contains a "picture" as an attachment, but if you click on it, you will be taken to a bogus Google login screen. If you enter your password, the hackers will instantly get your credentials, then continue the cycle by spamming everyone in your contact list with a similar email. This scam is so hard to spot that even people who have a lot of Internet experience have fallen prey to it.
Fortunately, stopping this scam is quite easy: whenever you're asked to re-enter your Google credentials, make sure that this is the exact address that appears in the address bar: “https://accounts.google.com”. If it's even slightly different, don't type anything; just close the page, then clear your cache and you should be safe.
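The address check described above, written out as an added example (it is not part of the original article): it parses the address and compares the whole origin, and shows why simply spotting the text "accounts.google.com" somewhere in the bar is not enough. The sample addresses are constructed, and `login.example` is a placeholder domain.

```javascript
// Added example: compare a substring match with a strict origin match.
const TRUSTED_ORIGIN = "https://accounts.google.com";

// Weak check: passes whenever the expected text appears anywhere.
function looksRight(text) {
  return text.toLowerCase().includes("accounts.google.com");
}

// Strict check: parse the URL and compare scheme + host + port as one unit.
function isGoogleSignIn(text) {
  let url;
  try {
    url = new URL(text.trim());
  } catch {
    return false; // not an absolute URL at all
  }
  // Opaque schemes such as data: report the origin "null", so they fail here.
  return url.origin === TRUSTED_ORIGIN;
}

// Constructed sample addresses; login.example is a placeholder domain.
const SAMPLES = [
  "https://accounts.google.com/signin/v2/identifier",
  "HTTPS://ACCOUNTS.GOOGLE.COM/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
  "https://accounts.google.com:8443/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
];

// Run both checks over every address so the difference is visible per row.
function audit(addresses) {
  return addresses.map((a) => ({
    address: a,
    substringMatch: looksRight(a),
    strictMatch: isGoogleSignIn(a),
  }));
}

for (const row of audit(SAMPLES)) {
  console.log(row.strictMatch ? "OK    " : "REJECT", row.address);
}
```

Every sample passes the substring check, but only the first two pass the strict one.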