Hello,
extract from the article:
"
... hackers send emails to the contacts of compromised accounts containing a seemingly innocuous attachment. When the user clicks the attachment, a new tab opens in the browser that looks nearly identical to the Google sign-in page. If the user inputs their log-in information, it goes straight to the attacker.
"
who is dumb enough to fall for it?
1. If the user gets this mail and he/she is using gmail, he/she must wonder why in the new tab he has to enter again his credentials.
2. If the user is willing to enter his credentials just to see an attachment, then the user has no idea what an attachment is.
Extract from the article:
"
An insidious new Gmail phishing attack is tricking even the most careful of users
"
--> not really