According to Google, attackers had sent e-mail messages to web domain owners asking them to visit fraudulent websites, such as “google-hosts.com”, with the purpose of collection their Google login credentials. Once they had access to the Google mail accounts, they would set up filters designed to forward email conversations with web domain providers.
To prevent such a thing from happening to your own Gmail (or even other web email) account, Google recommends.
1. Always use HTTPS when accessing Gmail. This can be changed from the “Settings” > “General” tab in your Gmail interface.
2. Double check the URL, and only enter your Gmail sign-in credentials if the web address begins with https://www.google.com/accounts..
3. Keep your eye on your filters via the “Settings” > “Filters” tab and lookout for suspicious filters.
You can even consider using OpenDNS since it can block suspected phishing websites.