This postFrom M’s blog, this is something every Gmail user ought to be aware of:
After logging into Gmail, the victim visits a site that injects a malicious filter into your Gmail account. The filter can be for something as simple as “password” or as broad as “has:attachment”, and when the criteria are met, it sends that mail to the hacker, who then uses the information to ruin your life. Don’t let that happen.
(It happened to David Airey, as you’ll see in the story M links to.)
Hi Ben,
Thanks for the warning. What do you have to do to prevent it? I read through some of David’s account, but I was confused.
To answer for Ben, the only preventative measure is go to the websites you trust until Google fixes this.
M,
Thanks :) I guess I’m okay then.
So, this happens when logged in, but not logged off? Then log out before visiting sites?
Theoretically, I guess. I have Gmail open in a window all day long, so that’s not how I’ll do it, but for the less email-crazed, that’s a viable option.
Another possibility for those worried about this, I might add, is to have Gmail open in one browser and do your browsing in another. It avoids the problem and still allows the e-mail junkies among you to keep Gmail open all day. (I’m not quite all day long, but whenever I’m at the computer, Gmail is open.)
