Recently I started to get automatic emails, generated by some scammer. It either says that my Google account will be blocked soon or some stranger has left me a message. To read the message I must open a link.
I opened a couple of such links though anonymous proxy: these were fake Gmail login forms. So, he wants to steal my Gmail account. The links have very similar domains:
- imaill.kiev.ua
- imaill.ws
- imaill.vn.ua
- imaill.te.ua
- imaill.ternopil.ua
Is it possible to create a filter in Gmail such that when it sees "imaill\.*" in the text representation of the email, it deletes it?
Best Answer
A filter on "imaill." will probably suffice, assuming that you don't have legitimate messages with that string. (Like, communication from your ISP responding to your phishing report.)
That's probably a bit too broad, though. Google's Advanced Search operators for Gmail are a little light on the headers they can key on, allowing only searches (and thus filters) for:
So, depending on what this interloper is doing, this might work better:
As I mentioned in my comment, though, the best course of action is probably to mark the messages you're receiving as phishing attempts.
This lets Google get better at recognizing phishing attempts and, eventually, prevent these sorts of messages from reaching your (and everyone else's) mailbox. If you just filter these into the trash that won't happen.