Gmail spam campaign is a worrying false alarm

By JC Torres/April 22, 2018 11:01 pm EST

Once simply equated with a canned meat product, "spam" has taken on a different and negative meaning in the modern, computer age. More than just a mere annoyance, however, email spam can also become the vehicle of malware and all the vileness that those bring. For a few excruciating hours, those fears became seemingly real for some Gmail users who thought they've become the victim of email hacking. Fortunately, they were not. The incident does, however, raise new doubts on Gmail's spam filtering capabilities.

Some Gmail users had a rude awakening on Sunday when they discovered spam email in their Sent folders. This naturally made such users fear that they're accounts have been compromised and are now being used to send spam to others. Many changed their passwords to no effect and even those protected by two-factor authentication didn't seem to be safe.

As it turns out, however, there was no hacking involved. According to a Google representative speaking to Mashable, it's just regular spam with one difference. It forged email headers so that it appeared the account was sending emails to themselves and to others. And because of that, it was placed in users' Sent folders and not being flagged as spam. Here's the statement in full:

"We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam."

Curiously, the header was forged to make it look like the emails were being sent via Canadian carrier Telus. Telus also released a statement saying that it has investigated the matter and confirms that there were no emails being sent from or through its servers. It was all a big lie, but one that obviously caused a great deal of panic and complaints.