Philipp Lenssen spotted a post by Brandon at GeekCondition that explains the general idea behind an attack that can be used to set up filters in your Gmail account without your knowledge. It's important to be aware of these kinds of things so you can better protect yourself.
In order for this to work, someone has to first steal your Gmail cookie -- bad guys are always looking for new ways to do this, and according to Brandon, there is at least one outstanding method (and probably several) that can be used to get your cookie.
As long as you practice safe browsing techniques, the risk of your Gmail account being compromised is significantly lower. Here are some things you can do to protect yourself.
- When you aren't using your Gmail, log out. Staying logged in is handy, but it makes these kinds of attacks possible.
- Don't visit websites you don't trust. That sounds pretty obvious, but it's just as important as making sure your Gmail account is logged out when you're not using it.
- Use NoScript if your browser is Firefox. This adds an extra (and very powerful) layer of security between you and the bad guys. There's nothing similar for Internet Explorer or Google Chrome that I'm aware of.