Listening to the StackExchange podcast this morning, and they discussed an interesting question.
Turns out this mom received an email from a friend, and clicked the link. It opened a whole number of browser tabs schilling medical supplies.
The mother dutifully closed them all, and then came to a tab informing her that her Gmail session had expired. She entered her credentials, and continued on. This is when the emails started flying.
Reading through the question, it appears this phishing attack is quite smart. It shows the session expired screen as each of the supported services would display it, and then likely uses the credentials immediately. The individual answering the question hypothesized that 2-stage authentication wouldn’t necessarily help in this case, as the site behind this could take the entered credentials, attempt to login immediately, and if it got the 2-stage request, forward it to the victim.
Bottom-line: Be VERY leery of ANY links in emails. Don’t login to a site unless you’ve used a bookmark or typed in the URL yourself. Maintain unique passwords for all sites (A password manager is very helpful here, and there are several available).