It's bad enough that several Gmail accounts are reporting unexplained spam in their inbox, but what's worse is they're apparently sent by themselves, even though most of the accounts employ hard-to-crack two-factor authentication.
Google's spam filtering technology is typically excellent at separating legitimate emails from spam, which makes the incident an odd aberration from Gmail's otherwise sterling security protections. However, a spam variant was successful at bypassing those protections, possibly by making it seem as if the spam recipient is also the sender.
Gmail Spam Fiasco
The complaints can be found on the Gmail Help Forums, where spam being sent by their own accounts appears to be the common thread across the reports. These spam emails, typically about weight loss and growth supplements, are labeled as sent by "Me" in the inbox, complete with the user's own profile photo. In truth, though, opening the spam messages reveals a different sender, but the user's email address still appears on the "From" line.
Fearing that the incident may have been a security breach, some users quickly changed their passwords but to no avail.
"My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don't recognize," wrote Gmail user Louis Morton. "I changed my password immediately after the first one, but then it happened again 2 more times."
It doesn't look like it's a security issue, though, as suspicious log-in checks note that the accounts don't appear to have been tampered with. It's more likely that a third-party sender is spoofing email addresses to make it appear as though the spam is being sent by them.
Google has officially addressed the issue, claiming it affects only a "small subset of Gmail users" — and it thinks no account has been compromised because of it. Google said it has actively taken measures to protect accounts from further receiving and "sending" spam.
On Twitter, Google employee Seth Vargo confirmed that "engineering teams are aware of this and are working on a resolution."
Sent By Telus?
Another common denominator shared by the spam emails in question is that they all appear to be sent by Telus.com. Telus, a telecommunications company based in Canada, claims it has confirmed that the messages are not being generated by the company, as Mashable reports.
"We are working with our 3rd party vendors to resolve the issue, and are advising our customers not to respond to any suspicious emails."
Are you seeing spam on your Gmail account? Feel free to sound off in the comments section below!