Spammers Trick Some Gmail Users Into Thinking That Their Accounts Sent Out Spam
Ever since the inception of email, providers have been engaged in a never-ending game of cat and mouse with spammers. This time around, it appears that Team Spammers one-upped Gmail users, as cleverly disguised spam messages began appearing in the sent folder of several people.
The moment spam starts to originate from your account, it is very likely that the account has been compromised and someone has taken control of it. Granted, that is extremely difficult given Google's security measures, but one can never rule out the possibility of human error. The affected users promptly changed their passwords and even activated two-factor authentication on their accounts.
Even changing the password and enabling 2FA didn't seem to do the trick
Changing your password and enabling 2FA should lock out any potential intruder and give you back control of your account, right? Many affected users found out that it didn't, and their accounts continued to send out junk. A user on the Google Product Forums said:
"My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don’t recognize. I changed my password immediately after the first one, but then it happened again 2 more times. The subject of the emails is weight loss and growth supplements for men advertisements. I have reported them as spam. Please help, what else can I do to ensure my account isn’t compromised??"
The content of the emails was garden-variety spam, mostly advertising growth supplements, weight loss miracles, and loans. Thankfully, none of the accounts was actually affected; the users were victims of a clever spam campaign. The messages appeared the way they did because spammers had composed the email headers to trick Gmail into thinking the emails were sent by the recipient. Google reached out to Mashable with a statement that said:
We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. More information on how to report spam can be found by visiting our Help Center.
According to the affected users, the spam emails appear to have been sent via telus.com, the domain of a Canadian telecommunications company. It isn't clear at this point whether the company is directly involved or itself fell prey to the scammers. Google, for its part, states that it is aware of the issue and is working on a fix to prevent such a scare from happening again.
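A receiving-side check for the forged "from yourself" headers described above, as an added example (not code from Google or from the original article). It is a heuristic: it flags a message whose From address is the recipient's own mailbox unless the DMARC result recorded by the recipient's own mail server is pass. The sample message, the addresses and the `mx.example.com` server name are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims to be the recipient, but the receiving
# server (mx.example.com, an assumed name) recorded failed authentication.
SAMPLE_FORGED = """\
Delivered-To: alice@example.com
Authentication-Results: mx.example.com;
    spf=softfail smtp.mailfrom=alice@example.com;
    dkim=none;
    dmarc=fail header.from=example.com
From: Alice <alice@example.com>
To: someone@example.org
Subject: Constructed sample

body
"""

def trusted_auth_results(msg, authserv_id):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our
    own server; a sender can prepend a fake Authentication-Results header."""
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in msg.get_all("Authentication-Results") or []:
        server, _, rest = header.partition(";")
        if server.strip().lower() != authserv_id.lower():
            continue  # not written by the trusted receiving server
        for method in results:
            found = re.search(rf"\b{method}=(\w+)", rest, re.I)
            if found:
                results[method] = found.group(1).lower()
    return results

def classify(raw, mailbox, authserv_id):
    """Label a raw message relative to the mailbox that received it."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr != mailbox.lower():
        return "other-sender"
    # dmarc=pass means SPF or DKIM passed *and* aligned with the From domain.
    if trusted_auth_results(msg, authserv_id)["dmarc"] == "pass":
        return "authenticated-self-sender"
    return "forged-self-sender"

if __name__ == "__main__":
    print(classify(SAMPLE_FORGED, "alice@example.com", "mx.example.com"))
```

A message labelled `forged-self-sender` came from outside the account, so it does not by itself indicate a stolen password; it belongs in the spam folder rather than alongside genuinely sent mail.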