My GMAIL was spoofed, what can be done?

Free Republic ^ | April 21, 2018 | Hostage

[Hostage]

Somehow my and my 11-year old son's gmail was spoofed, meaning someone is able to send messages out using our gmail accounts.

The spoofed emails show up in my sent folder.

We changed our Google account passwords. But I am still studying what else to do; not confident I understand how it happened, not confident I've done what needs to be done.

My son plays on Xbox Live and I don't know what goes on there but he's smart enough to not give out personal info.

I have a 2-step verification process enabled.

Here's one of the spoofed messages (I redacted out my gmail with ******@gmail.com)

from: ABC Shark Tank <******@gmail.com> via telus.com
to: senderus@justvaluerate.com,
senderse@justvaluerate.com,
monsl@50-233-80-21-static.hfc.comcastbusiness.net,
mz@traveldailymedia.com,
gego@nih.gov,
iscontact@rei.com,
mz@wp.com,
info@chadog.fr,
info@autotrader.com

date: Sat, Apr 21, 2018 at 7:17 PM

subject: Exclusive Limited Time Online Offer Shark Tank Success Story

mailed-by: telus.com

security: ip-pool.com did not encrypt this message Learn more

________________________
Whoever got hold of my gmail changed the gmail name from my personal name to 'ABC Shark Tank' shown above. Also, I don't know any of the addressees.

The body of the spoofed gmail has a line from Google that says:

"This may be a spoofed message. Gmail couldn't verify that it was actually sent from your account. Learn more"

The 'Learn more' link is kind of useless.

Here's the second spoofed message title:

------------is A Big P R o s T a T e [M A k I N G] Your LiMp?

Anytime I see a subject title like that, I push the Spam button but this is from my gmail address:

from: -----------------Optimum Male Health <*******@gmail.com> via telus.com

So my real name was changed to '-----------------Optimum Male Health'

I sent a TEST message to myself and everything looks good. Only 2 spoof messages used my gmail and no other for now.

The only other spoofed message came from my son's gmail where his gmail was also spoofed. His mail is redacted below to 'xxxxxxxx@gmail.com' and his name was changed to 'Funeral Quote':

from: Funeral Quote
to: senderus@justvaluerate.com,
senderse@justvaluerate.com,
monsl@50-233-80-21-static.hfc.comcastbusiness.net,
mz@traveldailymedia.com,
gego@nih.gov,
iscontact@rei.com,
mz@wp.com,
info@chadog.fr,
info@autotrader.com

date: Sat, Apr 21, 2018 at 7:20 PM
subject: Maybe You’re Just Not Ready For A Girlfriend…
mailed-by: gmail.com
security: Standard encryption (TLS) Learn more
: Important according to Google magic.
______________________________
This one borders on porn and I don't do porn, neither does he (I check his website history from time to time and set child security so he's not able to see any smut).

[Cboldt]

-- Your account has not be hacked. Your email however is being spoofed as you said. It's easy to do (really easy) without access to your account. --

Yes.

[RightGeek]

If it's "well spoofed", then it will appear in your Sent Mail. Think of it as being like a Gmail Send Mail as entry. While Gmail requires that the user authenticate these before it allows you to use them, the SMTP protocol doesn't require the Sender to be authenticated. If I send you a message with the sender field set to "You ", Gmail will recognise that as sent by you and will file it in the Sent Mail view.

However many spoofed messages are sent as "your_a...@gmail.com ". While these look like they came from you (the text email address is shown in the display), Gmail can easily recognise that they didn't because it looks at the real email address inside the "<...>". We can see the difference if we look at the details using the drop down.

[RightGeek]

” the gmail sent mail folder is essentially just a search for all mail From your address. Having mail in there does not prove that it came from your account.”

See
https://productforums.google.com/forum/#!topic/gmail/N3Cfn82ROmU

[lepton]

That’s a weird way to handle e-mail, but it makes sense.

[Oatka]

Each side individualy is great.
What should I do?

Split the difference. :-)

[Albion Wilde]

So the day cream gets rubbed on my computer screen and I won’t see anything scary?

Yes. Rubbed, like with a cloth. :-)

[ConservativeMind]

“If I send you a message with the sender field set to “You “, Gmail will recognise that as sent by you and will file it in the Sent Mail view.”

That is preposterous. Provide a reference.

[RightGeek]

See post #63 for one.

[ConservativeMind]

I went through the whole list, and you referenced something from eight years ago. Gmail has had DKIM in place since shortly after that and there are no open relay concerns. Even if Google did a search through everyone’s Gmail and improperly identified a spoofed header as need to be put in someone’s legitimate Sent folder, it would already be flagged as not originating from Gmail.

That reference also required Hostage to be forwarding email from a different domain and server into Gmail, which is not what is happening.

[RightGeek]

I don’t know that we can answer the question of the original poster without seeing the headers. I was just observing that GMAIL has notoriously had this problem with Spam appearing in the sent folder. See also https://productforums.google.com/forum/#!topic/gmail/N3Cfn82ROmU

[RightGeek]

Sorry - that’s repeat of the other link.

[StolarStorm]

What were you saying again???

Gmail accounts appear to send out spam, and their owners are baffled

[StolarStorm]

In case you haven’t see the article yet, see above. It’s exactly what is happening to you. Hopefully google gets it fixed soon.

[discostu]

There’s a big difference between spoofing and hacking. With SMTP software (available free anywhere) I can spoof any e-mail address, it’s just a matter of setting my from to be whatever I want. There’s nothing you can do about it because it has nothing to do with you.

[ConservativeMind]

This appears to be a bizarre Gmail issue, after all.

It looks like a new problem.