BUFFALO, N.Y. (WIVB) – Cybersecurity experts are warning gmail users they are in the crosshairs of a new hack that tricks the user into giving up their login username and password, then sends out a “blast” from their inbox of more hacked emails.

SUNY at Buffalo cybersecurity expert Arun Vishwanath warned the latest “spoofing attack” targeting Gmail users is so sophisticated, even trained users have fallen for it, “these attacks are getting really sophisticated.”

The key to the scam’s effectiveness is, according to Vishwanath, it hijacks an existing email thread between two users to steal their Gmail login and password, “If you have an ongoing conversation with me, it is going to come from you to me, and it is going to look like something we were talking about–the subject line is going to be copied.”

The only difference is, Vishwanath said the incoming email has an attachment in it, and when you click on the attachment, it directs you to log in again, “this preview asks you to log back into your email account. It is something all of us do all the time–we log into our accounts–but never into an attachment, and the moment you do that the hacker has your login and password.”

The UB professor said their research has shown, these Gmail spoofs have a success rate of nearly 50% on the first day, but after they have been in email boxes for three days, the success rate jumps to 85%.

How does that happen? The attachment, Vishwanath explains, is usually familiar to the recipient–something they have seen before, “It could be a photograph, it could be ‘hey look at this attached image, I am going to open it,’ and the moment I open it, it says just re-log into your Gmail account to attempt to get this picture, and almost immediately my login and password is gone.”

Professor Vishwanath advises Gmail users there is a telltale sign of a spoofed gmail–in the upper left corner, in the browser location bar, a legitimate mail entry starts with “https://”, indicating the entry is secure.

A spoofed email, he said, will have text to the left of the “https://” which will likely be a hack. Vishwanath added, this phishing attack is mostly found in the Gmail network, but it can also be effective in other email servers.