If you use gmail you really should read this NOW!

We use wordfence for security for our wordpress site, they have just issued this security warning

If you use Gmail make sure you have not been phished.

Update: How to check if your account is already compromised
I’ve had two requests in the comments about this so I’m adding this section now. (at 9:39am Pacific time, 12:39am EST).
There is no sure way to check if your account has been compromised. If in doubt, change your password immediately. Changing your password every few months is good practice in general.
If you use GMail, you can check your login activity to find out of someone else is signing into your account. Visit https://support.google.com/mail/answer/45938?hl=en for info. To use this feature, scroll to the bottom of your inbox and click “Details” (very small in the far lower right hand corner of the screen). This will show you all currently active sessions as well as your recent login history. If you see active logins from unknown sources, you can force close them. If you see any logins in your history from places you don’t know, you may have been hacked. [Thanks Ken, I pasted your comment in here almost verbatim. Very helpful.]
There is a trustworthy site run by Troy Hunt who is a well known security researcher where you can check if any of your email accounts have been part of a data leak. Troy’s site is https://haveibeenpwned.com/ and it is well known in security circles. Simply enter your email address and hit the button.

https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/?utm_source=list&utm_campaign=011217&utm_medium=email

Replies

PRO

Seth Burgess January 13, 2017 at 10:00pm

I don't see the severe urgency of this? Something useful to check etc. but it's not coming off the back of google being hacked or anything.
- Graham Wright > Seth Burgess January 14, 2017 at 8:40am
  
  Yes it's useful to check these things now and again, but nothing to worry about unless you open everything people send you without checking. Although this latest phishing technique is pretty smart to be honest.
  
  Best bit of advice is to always check the address bar before entering any login details.
  - Graham Wright > Graham Wright January 14, 2017 at 8:47am
    
    Just an anecdotal: I checked on my oldest email address on haveibeenpwned.com, as I know it had been leaked back in the day due to a site I used getting hacked. So far my details linked to that address have been leaked 9 times in various hacking attacks over the years. Thankfully I use a different password for each site, but that address is a spam magnet these days. It pays to take your online security seriously.
PRO

Phil Voice January 17, 2017 at 3:34pm

This Gmail Phishing Attack Is Fooling Even Savvy Users

There's a new phishing campaign targeting Gmail users. Security researchers say that it's highly effective and that even experienced, tech-savvy users are being tricked by it.

http://www.forbes.com/sites/leemathews/2017/01/16/gmail-phishing-at...
- PRO
  
  Seth Burgess > Phil Voice January 17, 2017 at 10:31pm
  
  If you dont use two-step verification you cannot be classed as tech savvy. You should be classed as a fool.