You get an email from one of your contacts. It looks like the real thing and sounds like it came from someone you know. Click the attachment and you're taken to a site where you are prompted to re-enter your Gmail credentials. If you didn't check the whole URL, you just gave away your account information. Details on this scam are in the link below if you want a more in-depth look.