If you’re using Gmail, you’ll want to read this. A new phishing scam is running rampant, infecting users at an alarming rate.

The phishing email comes from a trusted contact with a subject line and attachment they have likely used in the past so it appears to be legitimate, according to Dark Reading. However, the email contains a fake link or attachment which prompts you to enter your Gmail credentials. The sign-in page appears to be fully authentic, and the address bar even includes accounts.google.com, further tricking users to think the email is safe. The giveaway is the “data:text/html” in the URL.

If infected, your Gmail, as well as any connected services are compromised, and the scam is passed along to your email contacts.

To avoid falling victim to this nasty scam now is a good time to brush up on how to spot a phishing email. For more advice, check out our recent blog on the topic and Wordfence’s advice on how to protect yourself against this phishing attack.