Google accounts sending spam to contacts in address book

Have you ever found that spam messages are being sent from your address? I can guarantee you that you’re not alone. This happens to all of us. The reason is that SMTP, the protocol used for sending e-mail, is a fairly simple protocol designed at the very beginning of the internet’s history. Basically, anyone may put any e-mail address in the From field when sending a message. Spammers use this a lot to make it appear as if a friend or a colleague is sending you an important message.

What’s even worse, and something that we’ve seen lately, is that users get their Google account information stolen. The spammers use the stolen information to send spam through Google’s Gmail servers, authenticating with the stolen identity. But they don’t stop there. Since they have access to the Google account, they also use the contacts in the user’s address book as recipients of the spam, which not only increases the chances of slipping through spam filters but also increases the chances of the spam being read. The spam message appears to come from an address that you probably trust. An improvement the spammers could make would be to translate the spam messages professionally into the language of the recipient. However, this is too costly, but may be necessary in the future, since it is getting more difficult to get through to the more conscious internet users nowadays.
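The two cases above look very different to a receiving mail server. The following check is an added example, not part of the original post: it reads the `Authentication-Results` header (RFC 8601) that a receiving server writes after SPF and DKIM checks, which the post does not mention, and compares the passing domains with the From domain. All messages, hostnames and domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "mx.example.org"  # assumption: hostname of your own receiving server

# Constructed sample messages, not real traffic.
FORGED = (  # From claims example.com, but the mail came from another domain
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none\n"
    "From: Alice <alice@example.com>\nSubject: Important\n\nHello\n")
HIJACKED = (  # sent through the provider with Alice's stolen credentials
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=alice@example.com;"
    " dkim=pass header.d=example.com\n"
    "From: Alice <alice@example.com>\nSubject: Important\n\nHello\n")
UNTRUSTED_HEADER = (  # result header written by someone other than our server
    "Authentication-Results: relay.example.net; dkim=pass header.d=example.com\n"
    "From: Alice <alice@example.com>\nSubject: Important\n\nHello\n")

SPF = re.compile(r"\bspf=pass\b[^;]*\bsmtp\.mailfrom=(?:[^\s;@]+@)?([^\s;]+)")
DKIM = re.compile(r"\bdkim=pass\b[^;]*\bheader\.d=([^\s;]+)")


def classify(raw, trusted=TRUSTED):
    """Return 'authenticated' if a trusted SPF or DKIM pass covers the From domain."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # anyone can add this header; trust only our own server's
        passed = [m.group(1).lower() for m in (SPF.search(results), DKIM.search(results)) if m]
        # Simplification: exact domain match instead of DMARC's organizational-domain alignment.
        if from_dom and from_dom in passed:
            return "authenticated"
    return "unauthenticated"


if __name__ == "__main__":
    for name in ("FORGED", "HIJACKED", "UNTRUSTED_HEADER"):
        print(name, classify(globals()[name]))
```

The forged message is flagged, but the message sent from the stolen account comes back as authenticated: header checks cannot catch that case, which is why it has to be dealt with at the account itself.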

If you suspect that your password has been stolen, you should change it immediately, and the new one should be hard to guess. You should also make sure you always use SSL connections in Gmail (you turn this on by clicking Settings and setting ‘Browser Connection’ to ‘Always use https’). Also make sure you don’t have any viruses or spyware on your computer.

In Gmail you can view your last account activity to see if anyone else has logged in to your account. More info here.

Forum thread of users reporting spam being sent to their contacts.
