SPAM attack on all my contacts on the Google Contacts


Due to my job, I had stored all my official and personal email address and contact numbers of all users with whom I have a working relationship on my Google contacts. I had also synched my Linkedin and Facebook accounts on my contacts in iPhone and these contacts were then synched with my Google contacts list so that I would have one place which held all my contacts.

The contacts list on my iphone contains the Google contacts which is wirelessly synched.

I just found out that a spammer had sent a message to all the contacts on Google contacts. This has caused a lot of embarassment and business issue as people have got the mail and my google inbox has been flooded with out of office and undeliverable messages.

Could you please advise how I best do a firefighting on this. I would not be able to delete my google account as this is the one primary account that I access for all my general purposes and the email ID has been given for a lot of logins and accounts.

How best to send a single mail to all the users apologising for the incident so that they dont mark me as a spammer and also how to ensure that this does not happen again.

Could I contact Google or Gmail Support to ask their help in ensuring that my contats are not open to SPAM attacks and if there is anything that I need to control or restrict at my end on any of the applications or devices that I use -

Office Computerwith leased secure Line
Personal PC with ADSL connection
Google Contacts
synching the contacts
Who is Participating?
My first question is were they sent from you?
My Second question is Do you use outlook with GMAIL connections?

I don't think El Goog is gonna do much for you

You will probably want to change passwords as a start
If you use outlook then I would look at doing a cleaning of your PC for a possible virus that caused the issue.
Hutch hit the nail on the head...

Most of these attacks are generated from a hacker getting your email account password...
Only a small number are from malware infected PCs... (Either automatically sent or by someone gaining physical access and using your own stored passwords)...

You should get hold of a few instances of the SPAM and check the origin IP to see where they came from to get a better feeling as to how this happened...

THEN... DO as Hutch said:
+ Change to a stronger password and
+ Check all machines you use to access your account for residual cookies or malware!
+ You might consider requiring a password EACH time and NOT allowing machines to "save my password" as a convenience!

rax2473Author Commented:
Thank you Hutch.
They all had my gmail address in the from header.
I dont use Outlook on my machine and I access gmail through the Internet.
I would change the gmail address password straight away.

Thank you so much for the help. Could you please suggest what else should I do to preven this from recurring.
Live Q & A: Securing Your Wi-Fi for Summer Travel

Traveling this summer? Join us on June 18, 2018 for a live stream to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

I would look at what n2fc said check the IP it could have been a spoof.. they got into your account grabbed it all and spoofed your email.

I would then create a strong password caps characters numbers and I would stay logged out in case you check on a compromised PC.

Key Loggers could be an issue as well.
The biggest issues I see are (in order):

 giving Facebook unlimited access to your personal information
 syncing multiple contact accounts together
 letting LinkedIn auto-download your contacts.

FB allows app developers to mine your data and save it for their use, rental, or sale.  So, every FB app you can download your personal and business contacts.  They have no valid reason for it, but when you give it away, they make money.

Keep in mind that there are companies out there that specialize in selling personal information.  One of the biggest legitimate purchases are credit card companies and banks.  They rent profile information from the data aggregators.

One use is in security problems with your account.  When you call in to get a replacement ATM card or credit card, they don't just ask for your address and SSN.  Anyone can get that and request a new card be FedExed to a hotel somewhere.

They ask you questions about relatives, schools you've claimed to attend/graduate, and names of friends/relatives you have on FB, their hair color.  They have a private scoring system...when you answer enough questions correctly, the profiling system accepts that it's you, and the customer service rep will arrange for a new card to be issued.

^^which brings up a second point in addition to the password changes - take a look in your account and see if the security question has been changed (you may want to change it anyway) and make sure the secondary details (ie other email addresses that verify your account or other email addresses that your mail goes to, are what they are supposed to be. Make sure there are no Pop forwards in place that shouldn't be - likewise filters.
You can see the IP address that opened your account down the bottom of the screen (Last account activity). It won't identify the culprit but it may shed some light onto whether it was a scammer attack (Nigeria, West Africa, South Africa etc) or something closer to home.
rax2473Author Commented:
Thank you all.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.