Some Gmail users have been receiving spam from themselves

Cal Jeffrey

Several users have lodged complaints on the Gmail Support Forum about spam emails appearing in their inboxes that seem to have been sent from their own accounts. Users, rightfully worried about their email being compromised, rushed to change passwords and enable two-factor identification, only to find the emails still coming.

Lee Mathews with Forbes, a victim of the spamming campaign himself, reports that the scammers are using an SMTP email server to “bounce” emails into users' inboxes, bypassing spam filters.

The way it works is that the scammers first forge the header of the email with the intended victim’s address. Then they send that email to a bogus address that they know does not exist. Since the anti-spoofing system called DMARC (Domain-based Message Authentication, Reporting & Conformance) was created in 2012, most email servers will simply reject these bogus headers. However, some older SMTP servers will still bounce the email back to the sender without verifying the actual origin of the message. So not only are the spammed ads winding up in inboxes, but they are also showing up in the sent mail folder.
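A mail filter can catch this pattern by comparing the From address with the mailbox owner and requiring a DMARC pass recorded by its own receiving server. The following is an added example, not code from the article or from Google; the host names, the `TRUSTED_AUTHSERV_ID` value and the sample message are constructed assumptions, and the verdicts are read from the standard `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id stamped by the receiving server we trust.
TRUSTED_AUTHSERV_ID = "mx.mailhost.example"

# Constructed sample: From forged to equal the recipient, returned as a bounce.
SAMPLE_BOUNCE = """\
Return-Path: <>
Authentication-Results: mx.mailhost.example; spf=none smtp.helo=old-relay.example;
 dkim=none; dmarc=fail header.from=mailhost.example
Authentication-Results: forged.example; dmarc=pass header.from=mailhost.example
From: Alice <alice@mailhost.example>
To: alice@mailhost.example
Subject: Undelivered: special offer

body
"""

def auth_results(msg, authserv_id):
    """Collect spf/dkim/dmarc verdicts, only from headers our own server added."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() != authserv_id:
            continue  # a header stamped by anyone else may be sender-supplied
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, result.lower())
    return verdicts

def looks_self_spoofed(raw, mailbox):
    """True when a message claims to come from the mailbox owner without a DMARC pass."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if from_addr != mailbox.lower():
        return False
    return auth_results(msg, TRUSTED_AUTHSERV_ID).get("dmarc") != "pass"

def is_bounce(raw):
    """Delivery status notifications carry a null envelope sender."""
    return message_from_string(raw).get("Return-Path", "").strip() == "<>"
```

Ignoring `Authentication-Results` headers from any other authserv-id matters here, because the sender controls every header that was present before the message reached the trusted server.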

Google issued a statement saying that it is aware of the issue and is working on a fix.

“We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. More information on how to report spam can be found by visiting our Help Center.”

Mathews says that since Google issued the statement, he has not seen any of the bogus emails. He was previously getting an average of two per day.

 
I got a couple of these, but didn't even open them as the Subjects were so clearly Spam-glish. Selected them, clicked the Spam button and kept moving.
 
Now that is the true indication of being boring! It's a wonder I haven't received any ..... yet ....
 
Well if you open them nothing bad will happen, if you click on links however...

I found it fishy that my spam folder was not getting them, very impressive how they spoofed the emails. However very annoying as I was waiting for an important text message I left my phone with the ringer on and kept receiving them... (note to self: make dinner reservations with anticipation...)
 