Your Gmail May Have Been Used To Send Spam, But It Wasn’t Hacked

Updated on

Lately, some Google Gmail users might have been under the impression that their accounts had been hacked. Such users sighted the spam messages such as “growth supplements” in their sent items, delivered to unknown email addresses.

“My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don’t recognize,” one user said on Google’s forum.  Further, the user said that he changed the password immediately after the first mail but could not stop the spam message reaching the sent items. The subject of the Gmail spam mail was weight loss and growth supplements for men.

Good news is, Google has now taken care of this Gmail spam messages issue, and the issue is not as bad as many of the users might have thought. According to the search giant, such accounts were not hacked and were a security issue, which has now been taken care of. A few of these Gmail spam mails were sent “via,” but the Canadian carrier denies sending any such emails.

In a statement to Mashable, the tech firm said that they are aware of the Gmail spam campaign and have taken measures to protect against it. “This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder,” Google said.

Further, the company said that they have identified and reclassified all offending emails as spam and have no evidence at hand to prove that any of the accounts were compromised. Addressing the users, the company said that in case the users notice any suspicious emails, they should report it as Spam.

In another recent Gmail-related incident, a developer found that Gmail’s email handling creates a handy phishing vector to attack Netflix customers. Just like most of the systems, Netflix recognizes dots in e-mail handles, and thus, can differentiate between amanjain and aman.jain. However, Gmail does not have any such feature.

According to developer James Fisher, he received a legit e-mail from Netflix addressed to [email protected], and it was redirected by Gmail to his dotless account. Fisher said that since the email was sent to the correct inbox and came from Netflix, he was very close to accepting the request to update his details including the credit card info.

According to Fisher, it creates the Phishing vector, wherein an attacker could find a Netflix account whose Gmail registration already exists, and can register another account with an extra dot in the Gmail address. In this way, hackers may get their hands on vital data.

Meanwhile, to up the security for the users, Gmail is working on a “Confidential Mode,” which enables Gmail senders to prevent recipients from forwarding, copying, downloading or printing specific emails, according to The Verge. The feature, which could be aimed for business users, enables users to set a passcode to open emails, generated by SMS in addition to setting an expiration date for such emails.

According to The Verge, even though the new feature would restrict someone from downloading, copying and printing the email, it would not restrict anyone from taking a screenshot of an email. Also, it is not clear how the security features would hold true for those using IMAP and POP3 to access Gmail.

Other security features also possibly in the works are Snooze, Smart Replies and different views of Gmail. Reportedly, there could be more changes in Gmail over the coming months, including revamping the look of the hugely popular email service.

In a statement to The Verge, a Google spokesperson said that efforts on a major Gmail upgrade is underway. “We need a bit more time to compose ourselves, so can’t share anything yet—archive this for now, and we’ll let you know when it’s time to hit send,” the spokesperson said.

With Smart Reply, users would get the ability to choose from three automatic responses based on the original message. Smart replies would just be a tap away. For instance, if an email asks, “would you like to go to dinner tonight?” Gmail would suggest “sounds great” as one of the replies. Although the feature has been available on the Gmail app, a web version would arrive soon.

Further, Google is also reportedly planning to enable access to emails even when the users are not connected to the web. Gmail offline would allow users to read, respond, and search their mail without an internet connection.

All these features sound useful, however, there is no word on when these would be included in Gmail.  Hopefully, more about the features will be revealed during Google’s I/O conference, which will kick off on May 8 and last until May 10.

Leave a Comment