http://bgr.com/2017/03/15/gmail-phishing-scam-2017-how-to-avoid/
that is spreading on Gmail. It embeds an image that looks like an email attachment in Gmail. When clicked, it takes the user to a new sign-in page whose address begins with "data:text/html", followed by the normal Google URL. The page also looks exactly like the Google sign-in page, so it isn't clear that it differs from the real one; it is actually an iframe of the phishing page.
Since the image is embedded in the email, it doesn't matter if you have external images turned off; the fake attachment image will still load. The latest Google Chrome version now contains a "Not secure" warning in the address bar on non-"https://" pages with login functionality, so it might help some users (https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/). But a lot of users use other browsers as well, such as Firefox. A lot of users are falling for this, even the more "technical" ones: https://twitter.com/tomscott/status/812265182646927361, http://blog.greggman.com/blog/getting-phished/
It is quite interesting how the perpetrators of these phishing attacks are trying even more sophisticated methods of exploitation to extort data from users.
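A mail-filter style check for the pattern described above, as an added example that is not from the original post: it flags any link whose address is a `data:text/html` URI, reports the host name shown at the start of its payload as a decoy, and notes embedded iframe, script or form markup. The function names, finding labels and sample inputs are assumptions constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

DATA_RE = re.compile(r"^\s*data:([^,]*),(.*)$", re.I | re.S)
DECOY_RE = re.compile(r"^\s*https?://([^/\s<>\"']+)", re.I)   # URL text shown first
MARKUP_RE = re.compile(r"<\s*(iframe|script|form)\b", re.I)

# Constructed samples: a harmless address in the shape the post describes,
# wrapped around an inline image the way the fake attachment is.
SAMPLE_ADDRESS = ("data:text/html,https://accounts.google.com/ServiceLogin"
                  "%20%3Ciframe%20src=%27https://example.invalid/%27%3E%3C/iframe%3E")
SAMPLE_EMAIL = ('<a href="' + SAMPLE_ADDRESS + '">'
                '<img src="data:image/png;base64,iVBORw0KGgo=" alt="invoice.pdf"></a>')

def inspect_address(url):
    """Return findings for one address; an empty list means nothing flagged."""
    m = DATA_RE.match(url)
    if not m:
        return []                      # ordinary http(s) link
    params = [p.strip() for p in m.group(1).lower().split(";")]
    if params[0] != "text/html":
        return []                      # e.g. data:image/png used for inline images
    raw = unquote_to_bytes(m.group(2))
    if "base64" in params[1:]:
        try:
            raw = base64.b64decode(raw + b"=" * (-len(raw) % 4))
        except ValueError:
            return ["data-html", "undecodable-base64"]
    text = raw.decode("utf-8", "replace")
    findings = ["data-html"]
    decoy = DECOY_RE.match(text)
    if decoy:                          # payload opens with a familiar-looking URL
        findings.append("decoy-url:" + decoy.group(1).lower())
    if MARKUP_RE.search(text):         # page content hidden behind the URL text
        findings.append("active-markup")
    return findings

class LinkScanner(HTMLParser):
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            found = inspect_address(value or "") if name in ("href", "src", "action") else []
            if found:
                self.hits.append((tag, name, found))

def scan_html(body):
    """Collect (tag, attribute, findings) for every flagged link in an HTML body."""
    scanner = LinkScanner()
    scanner.hits = []
    scanner.feed(body)
    return scanner.hits
```

The inline `data:image/png` source is deliberately not flagged, so the check fires on the link target rather than on every embedded image.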