Gmail Spam Campaign Annoying, Not a Hack

When users take a look through their sent messages, they aren’t always searching for an email they sent. The security-minded user is looking for any messages that they did not send out. That’s how some Gmail users recently discovered a spam message campaign.  

Several users in a Gmail help forum reported that they had found spam emails sent to unrecognized addresses, with subjects ranging from bitcoin and funeral insurance to weight loss and growth supplements for men. Despite appearances, these accounts were not hacked.

The accounts were spamming themselves with a trick spammers can use to bypass Gmail’s spam filters. In addition to the help forum, users also flocked to Twitter to let others know.  

One user reported changing their password only to have the spam messages sent again. Users who have two-factor authentication enabled reported the same issue. A Google spokesperson assured users that their accounts had not been hacked, telling Mashable that it was a “spam campaign impacting a small subset of Gmail users.”

“This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident,” Google said. 

All of the emails have reportedly been sent via telus.com, a Canadian telecommunications company. When contacted, a TELUS spokesperson said, “We have identified spam emails being circulated that are disguised to appear as if they are coming from http://telus.com. We are aware of the issue and can confirm the messages are not being generated by TELUS, nor are they being sent from our server. We are working with our third-party vendors to resolve the issue and are advising our customers not to respond to any suspicious emails.” 

Users who find the messages should continue to report them as spam.
