Recently Google reported that there was a new wave of spammers that are spoofing email accounts to make it look like you are sending yourself a spam message. The crazy thing is these emails ever appear in your sent items.
I found out this was happening well before Google said anything about it. OK, I only knew about it because it happened to me. I’ll admit, it is very alarming to see emails that you never sent say they were sent from you. I’m going to go over what to do if you think your email was spoofed or hacked.
Change your password
We have passwords to keep us secure, it makes sense that you change your password. If your account was hacked then there is a good chance this will fix the issue.
If you use Gmail, it’s also important to remember that Google stores your credit card in the app store. You use the same password to access both your email and purchase stuff from the Google play store. A hacked email account could mean that every password stored in Chrome is compromised. It’s very easy to look and see what your stored password is.
If you were hacked, there is a possibility that your hacker changed your password… And password recovery options. If this is the case, you’ll need to try to recover your account with Gmail.
Head over to the account recovery page. In most case, you’ll need to start a new email address and forget about the old one.
https://accounts.google.com/signin/v2/recoveryidentifier. Just follow the on screen prompts. The more information that you can accurately provide, the better the chance that you can get into the account.
Hacked or spoofed
The first thing that you should know what’s the difference between being hacked and being spoofed. When you’re hacked they have access to your account, whereas being spoofed they make it look like a message was sent from your account
Find out if you actually been hacked or if they’re just spoofing your email address, you’ll need to look at the header information of one of the messages. It doesn’t matter if the message is one that you have sent or if it’s one that you received. It can even be a bounced message the header information will show you the tracking information of that message. That includes the tracking of a bounced message.
- Open a message
- In the top right corner, click the down arrow next to the reply button.
- Click Show Original
- Look for received by
- Open a message
- Click the gear
- Click view full header
The header information can be confusing, and it can be forged. Don’t worry about understanding what it means. When you report it you’ll need to copy the header information.
Email providers take email security very seriously. Especially companies like Google because they know that they’re holding other information on you as well.
These companies have a way for you to report incidents to them. They do this so that you can raise awareness to issues. Whether these issues are because you have been hacked, spoofed, or have found a bug, they usually have you report all issues through the same form. They’ll figure out where everything goes internally and sort it all out.
Just because you report an issue doesn’t mean that that company is going to respond to you. Email providers typically have millions of customers that they provide email service to you’re not the only one sending a message. You can report a problem with an email here. You will need a specific message so they can investigate.
For the case of Gmail spoofing incident that recently happened I’m sure they’ve got thousands of messages similar to the one that I sent them. They’re going to see the patterns and know how widespread the issue is. One of the most important troubleshooting steps is determining if it is just one person or if it is everybody.
What to do next
So you changed your password but these messages are still happening. If that’s the case then that’s further confirmation that you’re being spoofed. It’s highly unlikely that they can hack a new password that you created in a short period of time
Depending on what messages were sent out and what the content of those messages were. You may want to inform your contact list that this incident happened. In my case the messages were being spoofed and none of them were sense to anybody that I know so I didn’t have to inform people.
Back when I was in college I had a friend whose email account was hacked. Somebody had started sending messages saying that she was stranded in England and that she needed people to wire them money to help her afford a plane ticket home.
I don’t know if any of her contacts fell for that. I didn’t, but I was able to identify that there was an issue. I informed her about what was happening and to confirm if she really was stranded or not. Because I was able to inform her of the situation, she sent out a message to everyone letting them know what happened and not to send money.
Presumably your contact list is going to be full of people that you know and you want to do what you can to keep them safe from the pains that have arisen because of your email account.
If your email account is being spoofed and your account is being bombarded with the undeliverable messages, you may just have to ride out the storm. Email servers can recognize spammers and will Blacklist email addresses used to spam.
This may take 2 or 3 weeks of you getting these kinds of messages. If that’s not something you can handle or deal with, then you could consider getting a new email address. Getting a new email address had its own share of headaches though. Just take a minute to think about every account that uses your email account and how much time it would take to change them all.
Regardless if who your email provider is, they pay a team of people to fight this kind of stuff for you. The thing is, hackers and spammers (and we should include phishers) are constant trying new ways to get what they want. The people who fight are constantly playing a game of cat and mouse.