The way this phishing scam works is the attacker creates an email address to disguise themselves as someone you know. Then they send you an email with an attachment, like a PDF or Word doc, that looks legitimate. When you click the attachment to see a preview of it, you get redirected to a Google sign-in page where you enter your credentials. The problem is, those attachments aren’t attachments – as per the discovery of Wordfence. For complete article, click here.
Source: Lifehacker: March 14, 2017