Gmail users getting spammed via their own account!

23 Apr 2018

Several Gmail users have reported that their inboxes were flooded with ads and spam mails — apparently sent from their own account! Several users took to Gmail's help forum to report the issue. The problem doesn't appear to be widespread, but is confined to a relatively small number of users, including those that have two-factor authentication.

Apparently there is a glitch that some spammers have exploited to circumvent Gmail spam detection filters. At least one user complained that spam mails continued to go out from his account even after changing the password after the first such instance. The emails were filed in the users' Sent folder.

The emails arriving in the inbox appear as if they are being sent by the user with a 'Me' marked in the inbox along with the profile icon of the Gmail user on mobile. While the spam shows the users name in the main view, on opening the mail, there is a different name in the 'From' line with the subject and content of the email changing with each email.

Google seems to be aware of the issue and said in a statement, "We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder.

We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. More information on how to report spam can be found by visiting our Help Center."

A company spokesperson told Mashable that Google has "actively taken measures to protect against it". The spokesperson assured that users' accounts were not compromised.

The Mashable report points out that the spam emails have been made to look like they were sent via Telus, which is a Canadian telecommunications company. Telus, however, said the spam emails are not being generated from its server. A company spokesperson said in a statement to Mashable that Telus is working with third-party vendors to resolve the issue.

Affected users are advised not to respond to these emails.