Thankfully, there are specific things you can look for to spot a fake and avoid falling for the convincing trick. Along with beefing up your password and setting up two-step verification on your Gmail account, here's what Satnam Narang, Senior Security Response Manager at Norton by Symantec, told Refinery29:
"The best way to identify this attack is to look at the address bar. In this case, look for the words 'data:/text/html' at the beginning of the URL. If you see this, close the browser tab and alert your friend that their account has been compromised."
Two-step verification is a key defense because even if the malicious hacker has your password, they would also need the verification code Google sends to your separate device that's needed to successfully login to your account, according to the Forbes report. Being a bit skeptical of random emails from friends and other contacts might help, too.
As always, be careful out there.