In a blog post by Wordfence, the company said victims get an email to their account from someone who appears to be a known friend, company, or organization they belong to. The email includes links that, when clicked, open to a fake Gmail login page where users are asked to log in with their Gmail credentials.
The hackers then steal the victim's information.
Experts say you can protect yourself by always checking the location bar in your browser to make sure you're on the correct site before logging in.
Other protections like two factor authentication are also recommended.