Spyware used my gmail account to send thousands of spam e-mails to all my trusted contacts, what should I do?

email gmail spam-prevention spyware bots
6,255

Solution 1

You did the right thing by changing your password. I'd also check that all the contact details (alternate e-mail addresses etc.) are still correct. Monitor the account closely and make sure that no one gets in again. The worst case is that you've got a keylogger installed so you might want to consider changing the password again from a different computer, and running a full scan of your machine.

As to the problem of all the e-mails sent - don't send out a mass e-mail, you'll only be compounding the problem and you might be marked as a spammer. It's important to note that most of the e-mails might not have been delivered if the various mail servers involved have decent, up to date spam and virus filters.

By all means contact the most important people individually - but it's sad to say that with all the spam going around and e-mail spoofing most people get spurious e-mails at some point.

Solution 2

Apart from the fact that your account was hacked, there's the possibility that your email address is now logged in some hacker's database together with all your contacts. In that case, having closed off access to your account won't stop spam from your address from arriving, as it can still be sent from other computers and tricked-out to look like it was sent by you.

The best solution is to abandon your email address, so as to allow your contacts to add it to their black list. For all you know, some anti-spam software on their side might have already done so automatically when receiving email that's obviously spam.

The best tactic in my opinion is:

  1. Several antivirus scans on your computer, or re-installation of Windows,
  2. Change your email address.

If you don't like the idea of installing multiples antivirus programs, Google for "antivirus online scan" and use a couple of the best-known ones to scan the computer (each takes some hours to complete).
Some that I like are Trend Micro House Call and Kaspersky Labs Free Virus Scan.
Please note that they might require you to use Internet Explorer as your browser.

Solution 3

I just logged in to my gmail and was shocked by the amount of automatic responses I got in my inbox. I then looked at my sent messages folder and noticed that apparently, thousands of spam e-mails were sent using my gmail to all my contacts.

Thousands of spam emails ? I may be wrong, but some vague memory assures me that google has some sort of spam filters, that prevents you from sending a mail to more than a certain number of people.

Never do send mails to a lot of people, so never cared about it. Therefore the uncertanty.

These people include trusted contacts such as university and work application managers aswell as other important people. Now that the e-mails have already been sent, what can I do to control the damage done as much as possible? Should I send all those contacts another e-mail explaining the situation? Note that that would mean that another 5000+ e-mails are being sent from my account (which is probably already flagged as "spam"). If I don't clarify however, this will lead to awkward situations.

Yes, if you do care, send a carefully worded mail of explanation.

I checked the IP history and it also says that some IP has logged in to my account 45 minutes ago. I do not know this IP, so the mails must've been send at an other location with my password. I changed my password, but the mails have already been sent.

I am lost here and only see very bad outcomes of the situation, whatever I do. Should I maybe contact google? What do you recommend?

Well, it has nothing to do with google (just like if you crash your car, it isn't Peugeot's fault), but do:
- try to find out as much as you can about that spyware (I never heard of any exploiting gmail)
- try to clean it
- change your gmail password (after cleaning the spyware) - check if the sended mails had any sort of attachment with them

Share:
6,255

Related videos on Youtube

Cory-G
Author by

Cory-G

Updated on September 17, 2022

Comments

  • Cory-G
    Cory-G over 1 year

    I just logged in to my gmail and was shocked by the amount of automatic responses I got in my inbox. I then looked at my sent messages folder and noticed that apparently, thousands of spam e-mails were sent using my gmail to all my contacts.

    These people include trusted contacts such as university and work application managers aswell as other important people.

    Now that the e-mails have already been sent, what can I do to control the damage done as much as possible? Should I send all those contacts another e-mail explaining the situation? Note that that would mean that another 5000+ e-mails are being sent from my account (which is probably already flagged as "spam"). If I don't clarify however, this will lead to awkward situations.

    I checked the IP history and it also says that some IP has logged in to my account 45 minutes ago. I do not know this IP, so the mails must've been send at an other location with my password. I changed my password, but the mails have already been sent.

    I am lost here and only see very bad outcomes of the situation, whatever I do. Should I maybe contact google? What do you recommend?

  • Cory-G
    Cory-G over 14 years
    Should I format my PC? I actually formatted two weeks ago to install windows 7. I did download a few applications meanwhile though, but these came from reliable sources. Spybot search & destroy returned 0 results, and so did avast anti-virus and Ad-Aware.
  • Cory-G
    Cory-G over 14 years
    Right, I am also wondering on what I should do to control the damage that's already been done. Is it best to ignore it?
  • ChrisF
    ChrisF over 14 years
    @Tom - formatting is one option (albeit the nuclear one) and not one I'd recommend as the first choice, but if you've not got much installed and are happy doing it then go for it.
  • Cory-G
    Cory-G over 14 years
    Could you please elaborate your answer a bit more? For example, I am obviousely very interested in what would be your first choice, keeping all the things I've already done in mind.
  • Cory-G
    Cory-G over 14 years
    Update: the question of the comment above should have been "Is it even possible to solve this situation when Spybot search and destroy, avast anti-virus and Ad-Aware all returned 0 results other than formatting the whole hard disk?"
  • ChrisF
    ChrisF over 14 years
    @Tom - my first choice would be to do what you've done and then closely monitor the account for further hacking attempts. If nothing else happens then you've fixed the problem without "going nuclear". However, some people would recommend reformatting straight away.
  • Cory-G
    Cory-G over 14 years
    How can the problem be fixed when there has only be searched but no action has been taken as nothing was found?
  • Cory-G
    Cory-G over 14 years
    First, there's actually only 6 e-mails but with thousands of target addresses, resulting in thousands of e-mails being sent. I checked my sent history, and these are sent. I did check the numbers. Second, Google is hosting my data and has direct control over my account. Peugeot is not in control of my car. I can not find anything about the spyware itself, that is why I am here. I have been unable to clean it. I did change my password. The sended mails did not have any attachments.
  • Cory-G
    Cory-G over 14 years
    Wish I could edit comments to correct spelling mistakes.
  • ChrisF
    ChrisF over 14 years
    @Tom - because the hacking of your account wasn't achieved through keylogging, but I suppose the question of how your account was compromised still remains. However, it would still remain if you reformatted your hard drive again.
  • Cory-G
    Cory-G over 14 years
    I doubt that those programs would find any keylogger in the world, so there is still a chance that it is achieved through keylogging. How would it have been achieved otherwise? If something strange would have happend on Google's side it would probably be all over the news already. I just checked and it isn't so it must be on my side. I also know that I did not share any of my passwords with anyone.
  • Cory-G
    Cory-G over 14 years
    spelling mistake: any = every*
  • Rook
    Rook over 14 years
    What I ment to say is, google is supplying the tool but it's yours houw you use it. Not their problem. // Then how do you know it was a spyware ? A spyware which logs passwords, or exploits gmail, then sends it to someone ... IMHO, pretty complex. More probably someone (by ways unknown) got your password. Clean your system from all (just reformat and reinstall if you can). Safest that way. How can you be sure if it is a keylogger, it hasn't got a hold of the second password ?
  • Cory-G
    Cory-G over 14 years
    Using a different e-mail address will be a lot of hassle, but it might indeed be the only way. I assume that, considering all answers, there is no way to control the damage done however.
  • Cory-G
    Cory-G over 14 years
    I am no expert. But, please enlighten me what else could have stolen my password and then inform someone else about it as I am positive that noone I know in real life could possible have seen it. Such a digital transfer of my sensitive data to the guy who caused it is, as far as I know, always considered as spyware.
  • harrymc
    harrymc over 14 years
    Yes, what's done is done.
  • Rook
    Rook over 14 years
    No need to get bitter ... I'm just trying to help. // Keyloggers are not usually, per se, considered spyware. They fit into their own category. // Third, you first said, and I quote, "thousands of spam e-mails were sent using my gmail to all my contacts", then you said, it was actually send to only 6 mail adresses (which is completely different, because then they distribute it further). Third, if someone used your account to send spam, and he send it to those 6 adresses, how did he know to choose exactly those six (because, I'm sure you have more than 6 adresses in your contacts list).
  • Rook
    Rook over 14 years
    It is a remote positility, but are you absolutely positive no one could've just seen your pass while you were typing it, or maybe used your account while you were away leaving it open (logged in) ?
  • Rook
    Rook over 14 years
    @Tom - those programs mentioned above will not find keyloggers, that's for certain. Try searching for some specialized software for that purpose (none come to mind right now), since keyloggers usually only do two things: keylog (duh), and hide, and some are very good at it.
  • Cory-G
    Cory-G over 14 years
    The damage caused by what is done can sometimes be limited though.
  • Cory-G
    Cory-G over 14 years
    I don't want to act bitter and certainly don't mean anything I say like that. I did not say that they were only send to 6 mail addresses, please read more careful. "there's actually only 6 e-mails but with thousands of target addresses". The 6 e-mails are thus send to thousands of addresses (my contacts). It's out of the question that someone saw me logging in or managed to use my account while I was gone, as I always logout, watch my surroundings and never save my password. The spam message also looks like a typical one, it seems to be automated.
  • harrymc
    harrymc over 14 years
    Treating infection by cauterization is somewhat drastic, but think of the alternative.
  • Seyhan
    Seyhan over 14 years
    I'd leave it. People get a lot of spam every day and most of them will know that you would never send that kind of stuff.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Emails sent via Amazon SES going to spam in Gmail
Gmail is marking my emails as SPAM - Please help
My Gmail e-mail being sent to junk mail
Why does gmail think mail my server sends is a spam?
Can I access Gmail's spam message folder using pop3/imap?
How can I tell if my domain is on an email blacklist?
Flutter receive emails
Swiftmailer config : send mail using gmail
Sending Email to Gmail's SMTP server using TLS and Plain Authentication
Right way to poll GMail inbox for incoming mail from stand-alone application