
If your Gmail just started sending spam emails to itself + other random addresses, don't panic

supernormal
Willow Biden's Press Secretary
Joined Mar 5, 2015 | Messages 23,966
There was a pretty large scale spoofing attack on Gmail accounts yesterday where the spoofer was able to trick Gmail into thinking the email was really sent from your account, to the point where the emails actually show up in your Sent box, not just your Inbox like spoof emails you might've received in the past. You don't have to go on a password-changing spree like I did this morning when I first saw those emails in my Sent box, thinking someone had managed to get my password, because your account hasn't actually been accessed. Changing passwords doesn't stop it. It's something Google has to fix in their filters.


The emails "I" sent myself were about loans, male enhancement and Shark Tank.
 

manny
Team Owner
Joined Sep 12, 2009 | Messages 72,830
Glad you spoke on this OP, thank you

I do not need any ED help, they give you headaches

So I been told :)
 

SuccessfullyMe
Team Owner
Joined Nov 6, 2017 | Messages 23,281
Doesn't hurt but people have been reporting on the Google forums and social media that the emails are continuing after password changes and 2 step verification.

I haven't got any, but either Google has been compromised and if so we will hear about it sometime next week or those people click links a lot. They may have installed spyware, so even if they change their password they are able to see the new password. Also, 2 step verification can be overridden. I think they need to look at Google itself or their computer for malware.
 

supernormal
Willow Biden's Press Secretary
Joined Mar 5, 2015 | Messages 23,966
One of the spoofed emails I received during the attack is for a Russian dating site. Coincidence I'm sure. The Russians wouldn't try to obtain our personal information through phishing.


Oh
 

Sensei
*eyeroll*
Joined Nov 9, 2014 | Messages 15,756
I got a "sexy Asian girls looking for you" email in my Sent folder. I was like WHAT?
 

ScatterHeart
Buzzing like a fridge
Joined May 14, 2015 | Messages 1,784
Annoying as hell... I freaked out a lil bit and changed my password... praying that I remember it lol
 

supernormal
Willow Biden's Press Secretary
Joined Mar 5, 2015 | Messages 23,966
Update: All the emails were being sent through a telus.com server, Telus being an international telecommunications company. The Telus email server was hacked or spoofed (they claim it was just spoofed) by these attackers, and they abused a loophole Google has ignored because it "did not substantially affect the confidentiality or integrity of Google users' data." While that statement may be true, it still should have been taken care of sooner. They appear to have gotten it under control now, so if they could solve it in less than 24 hours, there isn't much excuse for putting it off for over a year.



Spammer's delight: Gmail weirdly doesn't see spoofed @gmail.com addresses as junk | ZDNet
By Liam Tung | February 9, 2017

Google's Gmail spam filters may block the bulk of spam from hitting your inbox, but according to one researcher it won't filter spam from a spoofed @gmail.com address.

No one likes spam and for the most part Google does a great job of keeping inboxes free of it. For Safer Internet Day, Google highlighted the "geeky detective work" it does to ensure the average Gmail inbox has less than 0.1 percent spam.

Gmail, for example, "tracks where a message originated, to whom it's addressed, and how often the sender has contacted the recipient". This approach helps Google cull spam before the user sees it.

But, according to Renato Marinho, a researcher from Brazilian security firm Morphus Labs, Gmail doesn't filter or indeed even warn users about dodgy messages from a spoofed @gmail.com address. That is, the email appears to have come from a Gmail account, but actually came from a non-Gmail server. It's not hard to imagine the fun that hackers and spammers could have with this behavior.

Marinho demonstrated it to ZDNet using a setup he describes in a post, and the spoofed @gmail.com message arrived as promised in our inbox rather than the spam folder. Gmail did not display a security warning either.

The only indication that something might be amiss was that the sender field showed the Gmail address was sent 'via' another server, but that information wasn't even visible in the Gmail app for iOS and Android.

"Messages coming from @gmail.com addresses are not filtered by Gmail anti-spam in a specific condition," explained Marinho.

First, the spoofed Gmail address needs to be pretending to be a valid Gmail address. If it's not a valid Gmail address, the message goes straight to Gmail's spam folder. Marinho also demonstrated this process for ZDNet.

Secondly, the email server that sent the message must be authorized via the Sender Policy Framework of the SMTP sender address domain.

For that to happen, the spammer's email server first connects to Gmail and says it wants to deliver a message from his domain, such as Im-a-spammer.com, but the spammer switches the address to a fake Gmail address.

Gmail then queries the spammer's Im-a-spammer.com domain name service (DNS) server to check if the spammer's email server could send messages on behalf of it, which of course the spammer approves.

Marinho says he informed Google of the issue but was told it would not be tracked as a security bug since it did not substantially affect the confidentiality or integrity of Google users' data.

He also said Yahoo rejected the spoofed email while Microsoft's Outlook moved the spoofed message to spam. But he believes a serious issue here is the trust Gmail users have in Google reliably filtering out spam.

"The higher our belief in the provider, the lower tends to be our attention to the risks. The main advice here is to revisit this 'trust logic'. Even highly reputable services may fail, and we need to be careful all the time to avoid risks," he wrote.

One sure way to tell if a sender address has been spoofed is by examining the full message headers.

It's not clear why Gmail doesn't block these emails or hide them in the spam folder. ZDNet has asked Google for a response and will update the story if it receives one.



Techy thread
My account is sending spam emails | Hacker News
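The article's spoofing condition comes down to one mismatch: SPF vouches for the SMTP envelope sender (the spammer's own domain, Im-a-spammer.com in the article's example), while the visible From: header claims an @gmail.com address. "Examining the full message headers" means checking whether the domain that actually passed SPF or DKIM is the same as the From: domain, the alignment rule DMARC applies. The script below is an added example, not code from the forum thread, the ZDNet article or Google; both header samples are constructed for this example, and the hostnames, IP addresses and message ids in them are placeholders.

```python
"""Flag a From: header whose domain no passing authentication vouches for.

Added example (not from the thread or the article). The spoofed sample
shows SPF passing for the spammer's envelope domain while From: says
gmail.com; the legitimate sample shows SPF and DKIM passing for gmail.com
itself. Only the aligned case counts as authenticated.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: spoofed @gmail.com From:, relayed through a server that
# the spammer's own SPF record authorizes (placeholder hosts and addresses).
SPOOFED_HEADERS = """\
Return-Path: <bounce@im-a-spammer.example>
Received: from mail.im-a-spammer.example (mail.im-a-spammer.example [192.0.2.10])
        by mx.example.net with ESMTP id abc123
Authentication-Results: mx.example.net;
       spf=pass (domain of bounce@im-a-spammer.example designates 192.0.2.10 as permitted sender) smtp.mailfrom=bounce@im-a-spammer.example
From: Victim Name <victim.name@gmail.com>
To: victim.name@gmail.com
Subject: Loans, no credit check

(body omitted)
"""

# Constructed sample: a message that really left Gmail, so SPF and DKIM both
# vouch for gmail.com (placeholder hosts and addresses).
LEGIT_HEADERS = """\
Return-Path: <victim.name@gmail.com>
Received: from mail-out.gmail-placeholder.example (mail-out.gmail-placeholder.example [198.51.100.41])
        by mx.example.net with ESMTP id def456
Authentication-Results: mx.example.net;
       dkim=pass header.i=@gmail.com;
       spf=pass (domain of victim.name@gmail.com designates 198.51.100.41 as permitted sender) smtp.mailfrom=victim.name@gmail.com
From: Victim Name <victim.name@gmail.com>
To: friend@example.org
Subject: hello

(body omitted)
"""


def address_domain(header_value: str) -> str:
    """Lower-cased domain of the first address in a header, '' if absent."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def parse_auth_results(raw: str) -> dict:
    """Extract SPF/DKIM verdicts and the domains they apply to from an
    Authentication-Results header; folded continuation lines are joined."""
    text = " ".join(raw.split())
    found = {}
    m = re.search(r"\bspf=(\w+)", text)
    if m:
        found["spf"] = m.group(1).lower()
    m = re.search(r"smtp\.mailfrom=([^\s;]+)", text)
    if m:
        found["mailfrom_domain"] = m.group(1).rpartition("@")[2].lower()
    m = re.search(r"\bdkim=(\w+)", text)
    if m:
        found["dkim"] = m.group(1).lower()
    m = re.search(r"header\.i=@?([^\s;]+)", text)
    if m:
        found["dkim_domain"] = m.group(1).lower()
    return found


def analyze(raw_message: str) -> dict:
    """Compare the From: domain with the domain SPF/DKIM actually vouched for."""
    msg = message_from_string(raw_message)
    from_domain = address_domain(msg.get("From", ""))
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    # Fall back to Return-Path if the receiver did not record smtp.mailfrom.
    mailfrom_domain = auth.get("mailfrom_domain") or address_domain(msg.get("Return-Path", ""))
    spf_aligned = auth.get("spf") == "pass" and mailfrom_domain == from_domain
    dkim_aligned = auth.get("dkim") == "pass" and auth.get("dkim_domain") == from_domain
    return {
        "from_domain": from_domain,
        "mailfrom_domain": mailfrom_domain,
        "spf": auth.get("spf", "none"),
        "dkim": auth.get("dkim", "none"),
        "aligned": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_HEADERS), ("legit", LEGIT_HEADERS)):
        r = analyze(sample)
        status = "authenticated" if r["aligned"] else "SUSPICIOUS: From: domain not vouched for"
        print(f"{label}: From={r['from_domain']} SPF={r['spf']} for {r['mailfrom_domain']} "
              f"DKIM={r['dkim']} -> {status}")
```

The "via" tag the article mentions in Gmail's sender field is the same signal in a friendlier form: it appears when the authenticated domain differs from the From: domain. Paste a message's raw source (Gmail's "Show original") into `analyze()` to make the comparison explicit, which matters most on the mobile clients where the article notes the "via" hint is not shown.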
 
