GOOGLE IS WORKING on a fix for a bug in Gmail which is causing spam messages to be sent to people, by themselves.
The Google Help Forums have been chattering with people who have received the erroneous messages, even with two-factor authentication (2FA) enabled.
The original post says: "My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don't recognise. I changed my password immediately after the first one, but then it happened again 2 more times. The subject of the emails is weight loss and growth supplements for men advertisements. I have reported them as spam. Please help, what else can I do to ensure my account isn't compromised??"
It was followed by a lot of "me too" posts, most of whom conquered that they had a recent password and/or 2FA.
Although two-factor authentication is a much safer proposition than old-fashioned passwords, it isn't foolproof, though the fact that so many people had their 2FA seemingly bypassed suggests the problem really came from within, not without.
That's not necessarily to say that the spam came from inside Google - it almost certainly didn't, but the glitch that was allowing the spam actors to get through is almost certainly inside the Google ecosystem.
The vast majority seem to be coming via Telus, which is a Canadian provider. Subjects are around cryptocurrency and funeral insurance.
Telus has acknowledged this issue, saying:
There are currently spam emails being circulated which are disguised to appear from https://t.co/rpexKwMFiR. We can confirm they are not being generated by TELUS nor are they being sent from our server. We are working with our 3rd party vendors to resolve the issue. pic.twitter.com/LzYZMTU0ZN— TELUS Support (@TELUSsupport) April 22, 2018
Google has acknowledged a "small" spam problem which it is currently resolving in as much as the problem lies with them.
"Spoofing", the practice of sending spam from a fake (but real) email address is nothing new, but to actually have it sending to and from yourself is a little weirder.
It's the week in Google news
Erik Estrada wouldn't have stood for this
Hacks in support of WikiLeaks founder target gov websites