Fake notices inviting Gmail users to update their Google account information have lately been hitting inboxes around the world, warns Sunbelt.
Purportedly coming from the “Google Team”, the rather legitimate-looking message tries to make the users download and open the attached Gmail_access.html file, which when opened in a browser presents a very realistic, but fake version of the Gmail login page:
If it looks realistic, it is because it loads certain graphic elements from the legitimate Gmail page, but a peek at the source code of the page reveals that the entered information gets sent to a script hosted on a domain registered in Serbia.