Google says the recent GMail account breaches were due to typical phishing scams, not a vulnerability in GMail itself.
With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords.
They don’t say exactly how the usernames and passwords were harvested, however. Were people just dumb/gullible enough to type their Google usernames and passwords into some other web site? Or was there a way for these phishing sites to grab the authentication info from the user’s browser? Is this the fault of the web browser or a faulty plugin?
While the fingers continue to be pointed, the specific methodology for adding malicious filters to a GMail account by way of a phishing attack remains a threat.