“View Contract Sheets” Gmail Phishing Scam

This nasty piece of work went live on Monday sending out a phishing scam with the subject “View Contract Sheets” asking you to enter your Gmail credentials. If you did it emailed itself to everyone on your contact list. Since then Google says they have fixed it and their recommend fix was to change your Gmail Password.

I had a few users who did that, but afterwards stopped receiving new emails from that point forward. I checked spam and blacklists and they were okay. I did some digging and all the new emails were now ending up in TRASH on the Gmail webmail console (not shown in Outlook). After MORE digging I found out that there was now a filter applied to their accounts that set all new emails to read and then deleted!

To remove it log into the Gmail web console and go to the Gear in the top right and click on Settings.

Gmail Phishing Scam

Then go to the Filters tab and remove the filter.

Gmail Phishing Scam

Very cheeky! That had me puzzled.