New Gmail phishing attack uses image attachments that masquerade as a PDF file with a thumbnailed version of the attachment. Once clicked, victims are redirected to phishing pages, which disguise as the Google sign-in page. The URL of the fake Gmail login page contains the accounts.google.com subdomain, which is enough to fool the majority of people into believing that they are on a legitimate Google page. As soon as the attackers get their credential, they log into the victim’s Gmail account.
Source: https://thehackernews.com/2017/01/gmail-phishing-page.html