A new phishing scam is targeting Gmail users and computer experts say it could eventually spread to other email accounts.
The scam starts out with an email that appears to be from a friend.
"In this case, it's an attachment, and it looks like it's a PDF," said Jason Kama with the Better Business Bureau Hawaii, "but when people click on it, it actually reloads a screen that looks like the Gmail login screen."
If you see something that looks like this, you may be tempted to just log back in, thinking for some reason you got logged out, but Kama says that's where you've fallen for the trap. In this case, it's a fake screen that will capture your email login and password, and enable people to get into your accounts.
Once that happens, the thieves are able to access your email account, as well as your contacts. It also means that if you use your email password for other accounts, you'll need to immediately change it.
One way to spot a fake is by hovering your mouse over the address bar. If it says "data: text/html," you shouldn't click on it.
You can also use two-factor authentication which involves something like your cellphone as a secondary tool to verify your identity.
Our advice for people with this particular phishing scam is if you get an email that looks like it might be suspicious, I'd always say contact your friend," Kama said.
If you have a consumer concern, or are interested in becoming an Action Line volunteer, give us a call at 591-0222 weekdays between 11 a.m. and 1 p.m. or send an email to firstname.lastname@example.org.