As you may be aware, recently all of my websites were hacked and the home pages replaced with an image of an evil grinning cat. My tech consultant says hackers must have had a way of getting into the server (which was at Hostgator--I've switched now, but I don't think any hosting company is immune). Almost all the sites are back up and functioning, but this morning I ran across a very clever phishing ploy that nearly got me.
It was from a friend and the subject line was "FYI [and the name of a project he did on which I had some input]".
The body of the message repeated this information and there was a document attached. When I clicked on it, I was sent (apparently) to Google with a message that included my name, saying that I'd been signed out of Gmail and needed to sign back in with my password. I looked at the address of origin and it said accounts.google.com. The graphics were right and there were no mistakes in spelling, etc.
The body of the message repeated this information and his phone number, and there was a document attached. When I clicked on it, I was sent (apparently) to Google with a message that included my name, saying that I'd been signed out of Gmail and needed to sign back in with my password. I looked at the address of origin and it said accounts.google.com. The graphics were right and there were no mistakes in spelling, etc.
Probably if I hadn't been hacked so recently I would have gone ahead but I realized that if I'd actually been signed out, I shouldn't be able to open any of the other emails. I clicked on another email. It opened.
I emailed my friend and, sure enough, he's been hacked. It was the most realistic fake I've seen so far.
I do have double sign-in on Gmail--in addition to the password, I have to enter a code that they send to my phone, so I'm not sure whether the hackers would have had a way around that, but I don't really want to find out.
Hackers are getting more and more sophisticated, so if you have any doubts (or even if you don't), it's worth double-checking!