SPAM attack on all my contacts on the Google Contacts

Posted on 2011-05-12
Last Modified: 2013-11-22

Due to my job, I had stored all my official and personal email addresses and contact numbers of all users with whom I have a working relationship on my Google contacts. I had also synched my LinkedIn and Facebook accounts on my contacts in iPhone and these contacts were then synched with my Google contacts list so that I would have one place which held all my contacts.

The contacts list on my iPhone contains the Google contacts which is wirelessly synched.

I just found out that a spammer had sent a message to all the contacts on Google contacts. This has caused a lot of embarrassment and business issues as people have got the mail and my Google inbox has been flooded with out of office and undeliverable messages.

Could you please advise how I best do a firefighting on this. I would not be able to delete my google account as this is the one primary account that I access for all my general purposes and the email ID has been given for a lot of logins and accounts.

How best to send a single mail to all the users apologising for the incident so that they don't mark me as a spammer and also how to ensure that this does not happen again.

Could I contact Google or Gmail Support to ask their help in ensuring that my contacts are not open to SPAM attacks and if there is anything that I need to control or restrict at my end on any of the applications or devices that I use -

Office Computer with leased secure Line
Personal PC with ADSL connection
Google Contacts
synching the contacts
Question by: rax2473
    LVL 10

    Accepted Solution

    My first question is: were they sent from you?
    My second question is: do you use Outlook with Gmail connections?

    I don't think El Goog is gonna do much for you

    You will probably want to change passwords as a start
    If you use Outlook then I would look at doing a cleaning of your PC for a possible virus that caused the issue.
    LVL 20

    Assisted Solution

    Hutch hit the nail on the head...

    Most of these attacks are generated from a hacker getting your email account password...
    Only a small number are from malware infected PCs... (Either automatically sent or by someone gaining physical access and using your own stored passwords)...

    You should get hold of a few instances of the SPAM and check the origin IP to see where they came from to get a better feeling as to how this happened...

    THEN... DO as Hutch said:
    + Change to a stronger password and
    + Check all machines you use to access your account for residual cookies or malware!
    + You might consider requiring a password EACH time and NOT allowing machines to "save my password" as a convenience!
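
As an added illustration of the "check the origin IP" step above (not part of the original thread): this sketch walks the `Received` chain of one saved copy of the unwanted mail and reads the receiving server's SPF/DKIM verdict. The message, host names and addresses are constructed for the example.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: a copy of the unwanted mail as one recipient received it.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP id abc123; Thu, 12 May 2011 09:15:02 +0000
Authentication-Results: mx.recipient.example;
\tspf=softfail smtp.mailfrom=user@gmail.com;
\tdkim=none
Received: from unknown-host (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP id def456; Thu, 12 May 2011 09:15:01 +0000
From: user@gmail.com
To: contact@recipient.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Loopback and RFC 1918 ranges say nothing about where the mail came from.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def received_ips(raw):
    """Bracketed IPs from Received headers, earliest hop first."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Each server prepends its header, so the bottom one is the earliest hop.
    hops = reversed(msg.get_all("Received", []))
    return [m.group(1) for m in (IP_RE.search(str(h)) for h in hops) if m]

def origin_ip(raw):
    """First non-internal IP in the chain, or None if there is none."""
    for ip in received_ips(raw):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. [999.1.1.1] in a malformed header
            continue
        if not any(addr in net for net in INTERNAL):
            return ip
    return None

def auth_verdicts(raw):
    """SPF/DKIM/DMARC results recorded by the receiving server."""
    msg = email.message_from_string(raw, policy=policy.default)
    text = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text))
```

`Received` lines below the first server you trust are written by the sender and can be forged, so treat the extracted address as a lead rather than proof. A failing SPF or DKIM result on a message claiming your address points toward a spoofed From header rather than mail sent through your own account.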

    LVL 1

    Author Comment

    Thank you Hutch.
    They all had my gmail address in the from header.
    I don't use Outlook on my machine and I access Gmail through the Internet.
    I would change the Gmail address password straight away.

    Thank you so much for the help. Could you please suggest what else I should do to prevent this from recurring.
    LVL 10

    Expert Comment

    I would look at what n2fc said: check the IP, it could have been a spoof. They got into your account, grabbed it all and spoofed your email.

    I would then create a strong password (caps, characters, numbers) and I would stay logged out in case you check on a compromised PC.

    Keyloggers could be an issue as well.
    LVL 32

    Assisted Solution

    The biggest issues I see are (in order):

     giving Facebook unlimited access to your personal information
     syncing multiple contact accounts together
     letting LinkedIn auto-download your contacts.

    FB allows app developers to mine your data and save it for their use, rental, or sale.  So, every FB app you can download your personal and business contacts.  They have no valid reason for it, but when you give it away, they make money.

    Keep in mind that there are companies out there that specialize in selling personal information. One of the biggest legitimate purchasers are credit card companies and banks. They rent profile information from the data aggregators.

    One use is in security problems with your account.  When you call in to get a replacement ATM card or credit card, they don't just ask for your address and SSN.  Anyone can get that and request a new card be FedExed to a hotel somewhere.

    They ask you questions about relatives, schools you've claimed to attend/graduate, and names of friends/relatives you have on FB, their hair color.  They have a private scoring system...when you answer enough questions correctly, the profiling system accepts that it's you, and the customer service rep will arrange for a new card to be issued.

    LVL 6

    Expert Comment

    ^^which brings up a second point in addition to the password changes - take a look in your account and see if the security question has been changed (you may want to change it anyway) and make sure the secondary details (i.e. other email addresses that verify your account or other email addresses that your mail goes to) are what they are supposed to be. Make sure there are no POP forwards in place that shouldn't be - likewise filters.
    You can see the IP address that opened your account down the bottom of the screen (Last account activity). It won't identify the culprit but it may shed some light onto whether it was a scammer attack (Nigeria, West Africa, South Africa etc) or something closer to home.
    LVL 1

    Author Closing Comment

    Thank you all.
