If you receive an attachment from a friend, click on said attachment and directed to a page that looks like an indistinguishable replica of the Google login page: pay close attention!, you might be caught in a phishing trap.
(And please: why the hell did you click on an unrequested attachment, even if it comes from a friend of yours?)
This new phishing attack is spreading through emails sent, apparently, by your contacts: the mail has an attachment that, when clicked, opens a fake Google services login page. Wordfence, developers of the great WordPress security plugin with the same name, report that to avoid the fraud yu have to pay attention, among other things, to the URL: it’s not a real web page, even if it contains a realistic Google address.
In addition to always be careful to everything, and to check all links in an email or on a page that alert you, try to install the extensions that we talked about in this post: they are all aimed at increasing the safety of your browsing.