It’s 2017 and email phishing is not new, however, there is a new technique attackers are using specifically against Gmail accounts. Malicious email messages appear to contain an attachment, but clicking the attachment will open a new browser tab that appears to be a login screen. This form will capture account credentials and send them to the attacker.
To prevent this type of attack, always look closely at the address bar when entering login credentials. The address bar must show a lock and https. If the site is not using https, it could be a forgery. Also be careful of any links or attachments received via email, even messages received from someone you know.
Additional information about this specific attack can be found at https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/