Scams are always rampant on the web, victimizing users to hack their accounts or steal information. Now another cleverly designed phishing scam is doing the same thing again.
According to Lifehacker, the new Gmail phishing scam looks simple: someone creates an email pretending to be a person you may or may not know and sends you what appears to be an attachment. When you click the attachment, however, it isn’t really a file, just an image.
A sample image of the fake attachment can be seen below; one Gmail user, Tom Scott, said he almost fell for it, but thanks to his high-DPI screen, the image looked fuzzy. If a Gmail user clicks the embedded image that looks like an attachment, they are redirected to another window containing a Google Gmail sign-in page.
The Gmail sign-in page looks very similar to the original one, with the same logo and text boxes. The giveaway is that instead of the usual https:// URL, the sign-in page you are linked to has an address beginning with “data:text/html.” Gmail users are advised to be on the lookout for this URL difference so the attacker can’t send fake attachments to those in their contacts.
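The URL check described above can also be run on the message itself before anyone clicks. The following is an added example, not code from Lifehacker, Wordfence or Google: it flags images in an HTML email body that are wrapped in a link whose scheme is not a normal web one, such as data:. The function names, the sample body, and the assumption that the fake attachment is an `<img>` inside an `<a>` element are all illustrative.

```python
import re
from html.parser import HTMLParser

WEB_SCHEMES = {"http", "https", "mailto"}
C0_AND_SPACE = "".join(map(chr, range(0x21)))

def link_scheme(href):
    """Scheme as a browser would parse it ('' for a relative link)."""
    # Browsers trim leading control characters/spaces and ignore tab/CR/LF.
    cleaned = re.sub(r"[\t\r\n]", "", href.strip(C0_AND_SPACE))
    match = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", cleaned)
    return match.group(1).lower() if match else ""

class ImageLinkAuditor(HTMLParser):
    """Record <a> elements that wrap an <img> but do not lead to a web URL."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None        # href of the currently open <a>, if any
        self._has_img = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._has_img = dict(attrs).get("href") or "", False
        elif tag == "img" and self._href is not None:
            self._has_img = True

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            scheme = link_scheme(self._href)
            if self._has_img and scheme and scheme not in WEB_SCHEMES:
                self.findings.append((scheme, self._href.strip()[:40]))
            self._href = None

def audit_email_html(body):
    """Return (scheme, href prefix) for each suspicious image link."""
    auditor = ImageLinkAuditor()
    auditor.feed(body)
    auditor.close()
    return auditor.findings

# Constructed sample body; the data: link carries placeholder text only.
SAMPLE = """<p>Please see the attached file.</p>
<a href=" Data:text/html,placeholder"><img src="cid:a1" alt="report.pdf"></a>
<a href="https://example.com/doc"><img src="cid:a2" alt="logo"></a>
<a href="https://example.com/help">Help</a>"""

if __name__ == "__main__":
    print(audit_email_html(SAMPLE))
```

The scheme is normalized before comparison because a link written as " Data:" or split by a newline still resolves to data: in a browser.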
“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list,” Wordfence noted. It was also stated that this kind of Gmail phishing scam has a high success rate, so everyone should be on alert.
Google has also reportedly taken part in prevention. The company responsible for Gmail launched Chrome 56.0.2924 to protect users’ accounts. With the updated version, users now see a “Not Secure” warning in the location bar, which can help them avoid signing in on an untrusted page.
It was also noted that, for anyone who thinks they are too smart to be victimized, numerous people have already been confirmed as affected by the fake attachment scam.
This is the closest I've ever come to falling for a Gmail phishing attack. If it hadn't been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh
— Tom Scott (@tomscott) December 23, 2016