Google has recently released means for people to customize the looks of their GMail inboxes, but we, Google Apps users, are still in the blue. (That's my poor attempt at a pun)

Ever since Theming was released for GMail that I have been waiting and hoping to get the very same feature for Google Apps. After all, some of the G. Apps users are paying users, so one would expect the guys at Google to roll out the new features fairly quickly for their Apps users. That has not been the case. It was not the case with IMAP and it was not the case with Google Labs.

Now once more, it is not the case with Themes.

Sure, you can throw out all the excuses that there are a lot of users and that it needs a lot of work to roll out the features to everyone, but that just doesn't stick with me. Even recently we (Apps users) got our default theme changed to the default theme brought by the theming feature, however, the Themes tab is still MIA on the Settings page.

Clearly, part of the code has already been rolled out, but not all of it. The why is yet to be known, as Google won't give anything more than "soon, Themes will come to Google Apps". But how soon, Google?

I will, in a brief and resumed way, describe the situation and what you can do to play it safe(r).

What happens is that through a trick with URLs and attacking websites, an attacker can effectively enable your e-mail forwarding to whichever e-mail the said attacker wants to. Basically, this way, they get access to all your incoming e-mail because it gets forwarded to their inbox.

In Aibek's case, the attacker managed to somehow steal the e-mail that contained the password to access his domain registrar account. The attacker then transfered the domain to another registrar and started to blackmail Aibek, claiming that he wanted $2000 for the domain that he originally owned.

This is a very serious situation, and maybe this is just the tip of the iceberg; a lot of malicious actions can be conducted this way and the first and foremost thing you should do right now if you own a GMail account, is to check under Settings -> "Forwarding and POP/IMAP" if your forwarding is set to some unknown address. If it is, then you are highly advised to disable the forwarding and change all your passwords. Especially if you have received e-mails from password recovery systems that you didn't ask for in the first place.

The next tip is to never open links that come within e-mails that you don't totally trust. If you must open the link anyway, then rather than clicking it, copy the link, logout from your GMail account and then visit the link. When you're done, log back in and you should be safe.

It is yet to be known if this flaw affects Google Apps accounts as well. In a wild guess I would say it does, but it would have to be customized to attack a specific domain belonging to Google Apps, so everyone, be wary.