The new tab, which contains "accounts.google.com" in the address bar, prompts the user to login.
Once the user puts in his or her credentials, the hacker has access to the information.
There are a couple of ways to prevent falling victim to the hack, according to experts.
"Make sure there is nothing before the host name 'accounts.google.com' other than 'https://' and the lock symbol," Maunder said. "You should also take special note of the green color and lock symbol that appears on the left."
Two-step authentication is a simple step that users can take to prevent such a hack. The process involves a code being sent to the user's phone for further authentication before someone can gain access to a Gmail account.
More information can be found at Wordfence.