Spoofed Email Alert

Last night I discovered that my gmail account had been spoofed in order to spam the contacts in my address book.  Spoofs are when some anonymous bag of douche borrows your email in order to spam others.  Think of it as if someone sent an annoying snail mail to everyone you know and used your return address on the envelope -same concept- that’s what email spoofing is.  There is no way to prevent this or stop it as it happens quite frequently, particularly with a gmail account.

If you ever take a look in your spam folder, you’ll see from time to time, emails with “me” (meaning you) in the sender line.  This is a clear indicator that someone spoofed your address to spam others.  But if you DO see these bounced emails in the spam filter, consider them benign.  Gmail caught it and disposed of accordingly. No harm no foul.

OTOH, spoofed emails become problematic if your account has been compromised.  How can you tell if this has occurred?  Simple.

Go into the sent folder and if there are emails there that you don’t remember sending and the subject line has gibberish or a name you cannot recognize, then chances are the account was compromised.  Especially, if you see an email and you open it and there is a single URL in the body, and you cannot ID it, nor remember sending it, then this probably means someone used your account to spam everyone in your contacts.  Spammers use gibberish in the subject line and a single URL (usually). DON’T EVER CLICK ON THAT URL.

Looks like the following:

Likewise, to check the log in activity for the account do the following:

Log into gmail and scroll to the very bottom
Find the words “last account activity at this IP” then click “details”

This will pop up a separate window detailing the IP address of all the locations that were logged when you logged into your account.  If you see the same sets of numbers as below and the time frame & access type coincides with how & when you know that you checked your gmail, then you’re probably OK.


If, OTOH, you see different sets of IPs and access types, it could be the following:

You logged into gmail from a mobile phone
You logged into gmail from a work pc
You logged into gmail from a friend’s pc or a friend’s phone

The IP address has a country location immediately following it.  If you see that there are 2 or 3 different IPs that are from the U.S., then it most likely means that these are the IPs of where you logged in (work – phone – friend).  If, OTOH, any of those IPs are from, say, Brazil, or anywhere else outside the U.S., then your account has most likely been compromised. Don’t panic.   You haven’t yet confirmed this is the case.  (more to follow after happy bunny).

Determine exactly what IP addresses you are using by going to What Is My IP.

Do this for each location you logged into gmail with.  If this is not possible, then you’re going to have to hazard your best guess and assume that those differing IP addresses -the ones you can’t ID that are from inside the U.S.- are all from you having checked gmail at another computer other than your own.

BTW – if you are on a dial up connection, then your IP address will be different each time as dial up generates a different IP address each time you log on.  But if this is the case it just makes it easier to ID the location because chances are, you already know which location you logged in from that you had to use a dial up connection.


While you cannot do anything about spoofing, you can, however, take steps to secure your account.  Right now, immediately, go into your gmail and click on “settings.”

Make sure you click the “accounts & import” tab and ensure that:

“send mail as” address is correct
POP3 is disabled  (assuming you aren’t using POP)
In “change account settings” click on “google account settings”

Under google account settings ensure that:

you change your password to at least 8 characters and/or includes characters such as #%#@$^$#^%$%$& to an existing pw  (write it down and keep it in a safe place.)

change pw recovery options (write it down and keep it in a safe place.)

check the authorized websites (make sure there is nothing accessing gmail that you have not specifically authorized such as twitter or wordpress, for e.g.)

MAKE SURE YOU USE A VIABLE SECONDARY EMAIL ADDRESS because in the event you ever do get locked out (due to spammers having compromised the account) you won’t be able to get back in when you use the recovery options.

Under the “general” tab ensure that:

under browser connection that always use https is selected

vacation responder is blank (assuming you aren’t on vacation and using it)

If you determine that your account has been compromised, or you’re just pissed off that your email address was borrowed without permission to annoy others with spam, then you can report them to Google by opening the message and clicking on the down arrow located to the right of  “Reply” and clicking “Report Phishing.”   This probably won’t yield any tangible results, but you can still feel good about it because it helps Google to pinpoint the scam artists/spammers and at least help to keep them somewhat contained.

Of course, if your gmail account is of no account to you, then just disregard the above referenced.

Lastly, change your password on a regular basis and never share it with anyone you don’t know or trust. (write it down and keep it in a safe place.)

This concludes your Gmail Security 101 lesson for today.  Any questions just ask.

©2010 Peyton Farquhar™ and Prattle On, Boyo™. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Peyton Farquhar™ and Prattle On, Boyo™ with appropriate and specific direction to the original content.


One Response to Spoofed Email Alert

  1. […] but they also would have taken a cue from Gmail’s account activity feature and logged the IP address of every single device that accessed the account.  Cookies can be cleared, but an IP address is […]

Please note comment(s) that do not comport with policy will be held in the queue.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: