Yeah, the bad guys are back. This time they’re embedding entire scripts in URLs, stealing passwords, and using a bit of psychology to snag your secrets. You’ve been warned.
Source: Why you need MFA now: Gmail phishing scheme prepends URL with working script data | ZDNet