A number of Gmail users have reported finding messages in their “Sent” folders that appeared to have been sent from themselves. Users said they discovered messages for things like “growth supplements” delivered to email addresses they didn’t recognize.
“My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don’t recognize,” a user posted on Gmail’s Help Forum.
“I changed my password immediately after the first one, but then it happened again 2 more times. The subject of the emails is weight loss and growth supplements for men advertisements,” the user continued.
Forged email headers
The messages contained forged email headers to make them appear to have been sent “via telus.com,” a Canadian telecommunications company.
The forged email headers allowed the messages to slip past spam filters. The fact that they appeared to have been sent by the affected user is what caused them to end up in the Sent folder.
Many users were concerned that the messages were an indication that their account had been hacked. However, Google assured users that their accounts were secure and that the issue had been fixed.
“We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it,” Google confirmed to Mashable. “This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder.”
“We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident,” the company said.
Report as spam
Google encouraged Gmail users to report any suspicious email as spam, noting that more information on how to report spam can be found by visiting the site’s Help Center.
TELUS, meanwhile, confirmed that its servers aren’t generating the emails.
“We have identified spam emails being circulated that are disguised to appear as if they are coming from http://telus.com. We are aware of the issue and can confirm the messages are not being generated by TELUS, nor are they being sent from our server,” a spokesman for the carrier said in a statement.
“We are working with our 3rd party vendors to resolve the issue, and are advising our customers not to respond to any suspicious emails.”