See GMail Account Hacking Tool at Hungry-Hackers.com.
Basically, you need to go to your settings page, scroll way down to the bottom, and find this:
Make sure that Always use https is checked, and click on Save Changes.
If you can’t find this page, here’s a visual guide:
Top of GMail home page
Bottom of Settings Page
“Gosh,” you may think, “but I always use Gmail under https!” Well, actually, you didn’t. And this option? Only introduced by Google in the past week. Previous to that, all GMail users were vulnerable to this hack, even if they thought they weren’t, and there was no way to prevent it.
Google, don’t you remember your “we won’t be evil” promise?
Thanks – I never would have picked up on this.
You’re welcome.
I find that most people are stumbling over this through word of blog. That’s how I found out.