The Pinged Hobbit

Gmail Hacked

December 28th, 2007

Any of you who use Gmail might want to check your mail filters. In an interesting but very naughty little trick, a group of web pirates found and exploited a security flaw in the Google email application.

Basically, Dave Dairey found that someone had managed to transfer his domain away from his web host and then tried to hold his domain to ransom (Full story), all because of this hack.

The exploit is simple really, although it relies on a healthy dose of luck. I'm sure you have logged into Google Mail via the web page before now, but have you thought about what happens when you visit another web page while logged in? If you happened on one of these websites before this flaw was fixed, then the site ran some code in the background that accessed your Gmail account and added a filter to your mail settings. The filter searches for particular strings in emails coming into your inbox (something like "password authentication") and forwards these on to the scammer's own email address. To make things worse, the filter can be automatically set to delete the email from your inbox afterwards, making sure you don't notice when someone has hacked one of your passwords.

Google have already fixed this exploit, but if your account already has a filter on it the fix won't remove the filter. I've already checked mine; I suggest you check yours. (Log in to Gmail and go to Settings and then Filters. It's worth checking the POP and forwarding settings too.)
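
For anyone who would rather script the filter check than click through Settings, here is an added example (not part of the original post) that flags forward-and-hide filters of the kind described above. It assumes the filter list has already been fetched as JSON in the shape returned by the Gmail API's users.settings.filters.list; the function name audit_filters and the sample data are made up for illustration.

```python
import json

# Constructed sample in the shape of a Gmail API users.settings.filters.list
# response; the ids and addresses are made up for this example.
SAMPLE = json.loads("""
{"filter": [
  {"id": "f1", "criteria": {"from": "newsletter@example.org"},
   "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
  {"id": "f2", "criteria": {"query": "password authentication"},
   "action": {"forward": "collector@example.net", "addLabelIds": ["TRASH"]}},
  {"id": "f3", "criteria": {"subject": "invoice"},
   "action": {"forward": "me.backup@example.com"}}
]}
""")

def audit_filters(listing, trusted_forward_addresses=()):
    """Return findings for filters that forward mail, worst first.

    high   - forwards to an untrusted address and hides the original
             (moves it to Trash or takes it out of the inbox)
    medium - forwards to an untrusted address, original stays visible
    info   - forwards to an address the owner listed as trusted
    """
    trusted = {a.lower() for a in trusted_forward_addresses}
    rank = {"high": 0, "medium": 1, "info": 2}
    findings = []
    for f in listing.get("filter", []):
        action = f.get("action", {})
        target = action.get("forward")
        if not target:
            continue  # a filter that never forwards cannot leak mail this way
        hides = ("TRASH" in action.get("addLabelIds", [])
                 or "INBOX" in action.get("removeLabelIds", []))
        if target.lower() in trusted:
            severity = "info"
        else:
            severity = "high" if hides else "medium"
        findings.append({"id": f.get("id"), "severity": severity,
                         "forward": target, "hides_original": hides,
                         "criteria": f.get("criteria", {})})
    return sorted(findings, key=lambda x: rank[x["severity"]])

if __name__ == "__main__":
    for finding in audit_filters(SAMPLE, ["me.backup@example.com"]):
        print(finding)
```

Any "high" finding is a filter to delete on the spot, and the passwords for whatever accounts send mail matching its criteria should be treated as exposed.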
