Many Gmail users reported that their inboxes have received a lot of ads that were ostensibly sent by themselves! The same continued even after changing passwords.
My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don’t recognize. I changed my password immediately after the first one, but then it happened again 2 more times. The subject of the emails is weight loss and growth supplements for men advertisements. I have reported them as spam. Please help, what else can I do to ensure my account isn’t compromised?? – A user post in Gmail’s help forum
Numerous users replied to the post saying that the same happened to them. Many of these people have two-factor authentication on their accounts, but that didn’t stop the spammers, it seems!
Forged email headers were used to make the sent emails appear as if they were sent via Telus, a Canadian telecommunications company. These headers were enabling the mails to get past the well-recognized spam filters of Gmail.
A Google spokesperson provided a statement that states of the spam tenure being a ‘spam campaign impacting a small subset of Gmail users.’ It as well adds that Google has already taken active measures for protection of Gmail spam, and no account was compromised. Here’s how it quoted:
We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. More information on how to report spam can be found by visiting our Help Center.
Telus provided a statement too, disclosing of their awareness of the matter. It did say that the contents were not generated by Telus, and neither the mails were being sent from its server. Telus is on course for a resolution with its third-party vendors.