A new email phishing scam is affecting even tech-savvy users of Gmail.

Security expert Mark Maunder, CEO of WordPress security plugin Wordfence, says the hacker will send an email that appears to include an attachment. When you click on the attachment, you will be directed to what looks like a Gmail login page.

The problem? The login page is fake. Enter your email and password, and you will be giving your login credentials to hackers who will then have complete access to your emails.

Okay, so you say, "I just won't open any emails coming from someone I don't know." Not so fast. The hackers have found a way to make the email look like it is coming from one of your contacts. It may even contain a legit subject line. The hackers have likely compromised the account of your contact. Once they have your credentials, they will use your info to send more emails to others.

So what do you do? Experts say that if you are a Gmail user, you should enable two-factor authentication, which will give you an extra layer of security. If you are unsure how to activate two-step verification, Google has a step-by-step guide for you.

If you think you have already fallen victim to the scam, you should change your Gmail password immediately.

Google has released a statement saying, “We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including machine learning-based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”