Fortune:

Security researchers have identified a “highly effective” phishing scam that’s been fooling Google Gmail customers into divulging their login credentials. The scheme, which has been gaining popularity in the past few months and has reportedly been hitting other email services, involves a clever trick that can be difficult to detect.

Researchers at WordFence, a team that makes a popular security tool for the blog site WordPress, warned of the attack in a recent blog post, noting that it has been “having a wide impact, even on experienced technical users.” (See these people, whose accounts were targeted.)

Here’s how the swindle works.

No, “everyone” isn’t but it is (unfortunately) a very clever phishing scam that can catch the unwary off guard. It also points out the effectiveness of two-factor authentication and password managers like 1Password. They wouldn’t load your password on the phishing site because the fake site URL wouldn’t match the real one in 1Password.

[H/T Daniel Jalkut]