I was at the boat at the time I received my mail, which was from one of my family contacts - so nothing suspicious. And yes, she is part of my friends and family in Google Circles, so nothing suspicious there either. The link took me to a very proper looking Google login page. Others from my contacts list, who had been taken to Facebook, Skype etc, were taken to their respective login pages. Google often ask me to re-enter my login details when I am away from home or using an unusual device, so I thought nothing of entering my details to access my account - or so I thought I was doing! This is when my login details were harvested. During that night, all my contacts received a similar email from me. It transpires, after investigating, that my family member who I had supposedly received my bogus email from, had herself received the same message from one of her friends the day before, and had also responded to the login request at the other side of the link. BEWARE!
I have just spent the day changing my Google accounts password, and also adding their 2nd layer security, which requires a mobile phone to receive a one off security pin number to feed back before access is granted. Your regular devices will be remembered, but if access is required from an unknown device, then the pin to mobile text will be required before access to your account is granted.
One last thing to consider. The hacker will probably have harvested enough detail from cookies on your own device that was used to complete the bogus login, that they will also be able to read your new password details as you change them on your bone-fide account - so best, if possible to change your password details on a different device or it could all happen again, as it once did with another of my family members.