Google confirms reports of mysterious mails popping up
Google has confirmed that it is possible for spammers to create spoofed emails that appear in a user’s ‘sent mail’ folder.
The Chocolate Factory on Monday told The Register that someone has indeed been creating and sending spam messages with spoofed email headers. These not only show a fake sending address, but also show up in that person’s ‘sent’ screen as if they had typed it themselves.
Users have been noticing and reporting the problem for a few days on Google’s Gmail help forum. In each case, users said that messages they never wrote were showing up in their sent message folders.
While using fake headers to disguise the source of spam emails is nothing new, it is very unusual for a copy of those messages to appear as ‘sent’ mail. This, understandably lead users to worry their accounts had been hijacked.
« It started around 7:30 EST for me. Emails going to inbox and sent email folder, » writes one affected Gmail user. « Appear to have been sent by me. Changed password several times and didn’t change anything. »
Google says there has been no breach in this case. Rather, someone has been spoofing email headers.
« We have actively taken measures to protect against a spam campaign that impacted a small subset of Gmail users. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder, » Google said.
« We have identified and reclassified all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. »
How exactly the spammer was able to not only spoof the headers but also make the messages appear in the sent folder of the faked sender is a mystery. We’ve asked the Mountain View ads giant for clarification on this, but at the time of publication have yet to hear back. ®
Sponsored: Minds Mastering Machines – Call for papers now open
