Gmail Joe-Jobbed, spam sent to all contacts, no sign of forced entry.
November 21, 2014 2:59 PM
This morning, a relative called saying I had sent them spam from my Gmail account. I ran to the computer, checked Gmail's login history, but found nothing suspicious. I checked the spam folder, and sure enough, two pieces of spam with a link to a phishing site which Safari immediately picked up as such (I know, bad idea to click it at all) had been sent to every one of my contacts. I know anyone can spoof anyone else's email, despite the best attempts at protection by Gmail and such. My question is: how did they get my contacts? How can I make this spoofing harder, or at least prevent access to my contacts in the future?
(Further details inside.)
The exact same thing happened a few months ago, and in fact, seems to have happened to another MeFite ().
Based on the headers, these asshats seem to be in a different place in Europe each time, including England, Spain, and Italy. (I'm in the US, and haven't been to any of those countries in years.)
I looked in Gmail's "revoke" menu, but didn't find any suspicious-looking applications, just my phone and Google Voice. I've done the "sign out of all Gmail sessions".
No viruses or malware on any computer that I've used in the past year. I'm not one to log in recklessly from public computers.
There WAS an incident of a hacked email on the network of an organization that I belong to.
The exact same thing happened a few months ago, and in fact, seems to have happened to another MeFite ().
Based on the headers, these asshats seem to be in a different place in Europe each time, including England, Spain, and Italy. (I'm in the US, and haven't been to any of those countries in years.)
I looked in Gmail's "revoke" menu, but didn't find any suspicious-looking applications, just my phone and Google Voice. I've done the "sign out of all Gmail sessions".
No viruses or malware on any computer that I've used in the past year. I'm not one to log in recklessly from public computers.
There WAS an incident of a hacked email on the network of an organization that I belong to.
No, they are not in the sent folder, so this is obviously a spoof, not a true break-in. Still, how did they get my contacts?
posted by Seeking Direction at 3:30 PM on November 21, 2014
posted by Seeking Direction at 3:30 PM on November 21, 2014
It may be that they didn't get your contacts, but someone else who has a lot of contacts that overlap with you. If you've got a friend with, oh, a Yahoo account who shares a lot of the same contacts, it's possible that they got hacked, their contacts mined by the hackers, and your name picked at random as the "from" address.
posted by adamrice at 3:36 PM on November 21, 2014
posted by adamrice at 3:36 PM on November 21, 2014
This happened to me as well 4 months ago and it is the gift that keeps on giving. Earlier this week I spammed my mom's news group!
posted by saradarlin at 4:04 PM on November 21, 2014
posted by saradarlin at 4:04 PM on November 21, 2014
Oh, and I have a 14 digit password with 2 factor identification and only log in on known clean systems... I am totally baffled.
posted by saradarlin at 4:05 PM on November 21, 2014
posted by saradarlin at 4:05 PM on November 21, 2014
If you haven't change your password. Also, you can change the name that shows up in the to part and see if it gets copied as an on going thing. For example mines says Mrs Alexia Sky change it to A. Sky.
It could be you sent out a legit email to a compromised computer without other recipients BCC'd. And they got the addresses that way.
posted by AlexiaSky at 4:56 PM on November 21, 2014
It could be you sent out a legit email to a compromised computer without other recipients BCC'd. And they got the addresses that way.
posted by AlexiaSky at 4:56 PM on November 21, 2014
Having just received a flood of "your message could not be delivered" messages in my Gmail, I will be watching this thread closely.
posted by EatTheWeek at 7:09 PM on November 21, 2014
posted by EatTheWeek at 7:09 PM on November 21, 2014
If you have an actual copy of the spammer's email, and the headers don't show that the messages originated from Gmail's servers, you've just been joe-jobbed, and there's really nothing you can do aside from telling people that someone else is spoofing your email address. I'm with adamrice on this one; it probably wasn't you that got hacked and got their contacts added to a spammer's database, but someone who knows a lot of the same people you do.
posted by Aleyn at 12:43 AM on November 22, 2014
posted by Aleyn at 12:43 AM on November 22, 2014
Did you check your Last Account Activity page? If I'm reading right, it'll show you if someone is accessing your account.
Not seeing spam messages in the "sent" folder isn't a guarantee that the spam didn't come from your account. If a spammer has access to your account, they would most likely delete all/most traces of their activity in your account.
posted by sarah_pdx at 12:48 AM on November 22, 2014
Not seeing spam messages in the "sent" folder isn't a guarantee that the spam didn't come from your account. If a spammer has access to your account, they would most likely delete all/most traces of their activity in your account.
posted by sarah_pdx at 12:48 AM on November 22, 2014
^ Last account activity was the first thing I checked; it showed absolutely nothing out of the ordinary.
posted by Seeking Direction at 9:02 AM on November 22, 2014
posted by Seeking Direction at 9:02 AM on November 22, 2014
Thanks for the help. I'm beginning to suspect it was this or similar malware on a computer at an organization that I belong to. At least one other Gmail account used there apparently started sending spam as well.
posted by Seeking Direction at 9:35 AM on November 22, 2014
posted by Seeking Direction at 9:35 AM on November 22, 2014
« Older Does anyone know a good aerospace headhunting/job... | How do I stop the pain and do what is best? Newer »
This thread is closed to new comments.
posted by thewumpusisdead at 3:19 PM on November 21, 2014