According to web security professionals, the hacker will first send you an email that includes an attachment. When you click on it, you will be directed to what looks like a Gmail login page. However, it's a fake. If you enter your email and password, you're giving your credentials to hackers to who then have complete access to your account.
It sounds like it would be easy to avoid, but the emails look like they come from one of your contacts. It may even have a subject line that looks authentic.
Even the fake login site has a URL that looks real...
If you get an email with an attachment, please be VERY careful and double check it before you try to open it.
For other tips, you can read more in the post below.