Credit:
Now, Google has reacted. They claim they've investigated the issue, and found no vulnerability. The entire thing is a mere phishing scheme; the victims would give away their Gmail credentials to a phishing site, and then the attackers would be able to change the filters. To be safe from phishing attempts, well, all I can say is this: don't listen to people you don't know and don't click on shady links.