Finding spam messages in your Sent folder usually suggests a hacker has gained access to your email account and then used it to send mail to the contacts in your address book. You’ll need to lock them out of your email account to prevent it happening again.
How did a hacker access your email account?
There are many ways a hacker might gain access to your email account, including the possibility that your login credentials fell into their hands through a data leak on another site, or perhaps you inadvertently handed them over by downloading some dodgy software or clicking a nefarious link (also see Best antivirus software).
It’s also quite possible they accessed it via a brute-force attack, whereby they fire thousands of potential passwords at your account until they find one that fits. This is why it pays to always use a strong password, and to use different passwords for each online service to which you are subscribed.
Why are they pretending to be you?
By impersonating you in spam messages to your contacts they play on the idea that your contacts probably trust you more than they would trust a spam message from a random account. If you ask them to click on a dodgy link within that message, they are much more likely to click on it without considering its legitimacy.
How do you stop a hacker sending spam messages on your behalf?
Change your email password. This will immediately lock them out of your account – and it’s important to do so before they turn the tables on you and lock you out of your own account.
In order to keep them out, you’ll need a password they won’t easily be able to hack again. It’s also a good idea to routinely change that password, just in case someone else gains access without your knowledge.
You can also enable 2-step verification as an extra layer of security for your Gmail account. This will require you to input your password as usual, but also to enter a unique verification code sent to you via a text message to your phone. Since the hacker doesn’t have access to your phone this should help to keep them at bay.
What should you do next?
If the sent message contained a suspicious link it may be an idea to email those contacts and request that they don’t open the previous message from you and don’t click the link. If they do, recommend that they also change their password.
Changing my password didn’t work
A recent Gmail issue has meant some users have been finding spam messages in their sent folder, but even after changing their password the spam messages kept on coming. This is because, according to Google, spammers were using forged email headers that confused the service. The issue has now been fixed.
Mashable: “We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident.”
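To tell a forged "from yourself" message apart from mail that really left your account, look at the authentication verdicts your own mail server recorded in the message's raw headers. The following is an added example, not code from the original article or from Google; the example.* addresses, the server name mx.example.net and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (example.* names are placeholders, not from the article).
FORGED = (
    "Authentication-Results: mx.example.net;\n"
    " spf=fail smtp.mailfrom=bounce@bulk.example.org;\n"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "From: Alice <alice@example.com>\n"
    "To: alice@example.com\n"
    "Subject: Quick question\n\nBody\n"
)
GENUINE = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=alice@example.com;\n"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: Alice <alice@example.com>\n"
    "To: bob@example.org\n"
    "Subject: Lunch\n\nBody\n"
)

def auth_results(msg, trusted_server):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our
    own receiving server; a sender can insert fake copies of this header."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = header.partition(";")
        if server.strip().lower() != trusted_server.lower():
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, verdict.lower())
    return verdicts

def classify(raw, my_address, trusted_server="mx.example.net"):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != my_address.lower():
        return "not-from-me"
    verdicts = auth_results(msg, trusted_server)
    if verdicts.get("dmarc") == "pass":
        return "sent-from-account"   # authenticated for your domain: assume real account use
    if verdicts.get("dmarc") == "fail":
        return "forged-from-header"  # only the visible From line names you
    return "inconclusive"            # no trusted verdict to rely on

if __name__ == "__main__":
    for name, raw in (("FORGED", FORGED), ("GENUINE", GENUINE)):
        print(name, classify(raw, "alice@example.com"))
```

A "sent-from-account" result is the case where changing your password and enabling 2-step verification matters; a "forged-from-header" result means the message only borrowed your address.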