Share:

Gmail Users Hit with Spam Emails Appearing From Telus

Share:

Gmail users on the weekend complained of spam filling up their inboxes, all appearing to be sent by our Canadian wireless carrier, Telus.

Google’s email product forums saw numerous users seeking help, as emails appeared in their Sent folders noting “via Telus”. Those who changed passwords and had two-factor authentication enabled were affected.

The issue was fixed late Sunday, as a Telus spokesperson told iPhone in Canada in a statement:

We identified spam emails that were disguised to appear as if they came from telus.com. We can confirm the messages were not generated by TELUS, nor were they sent from our server. We worked with our 3rd party vendors to resolve the issue, and continue to advise our customers not to respond to any suspicious emails. https://www.telus.com/en/bc/support/article/identity-theft-fraud

When pressed for exact details on what had caused this issue, Telus did not provide any extra information, aside from the statement above.

One user named ryan-c on Hacker News attempted to break down what possibly happened:

Telus has this entry:
exists:CL.%{i}.FR.%{l}.F2.%{o}.spf.nssi.telus.com

Reading RFC 7208, that would be expanded to
exists:CL.69.64.35.11.FR.reply.F2.telus.com.spf.nssi.telus.com

which means if that any record exists at that name, it will pass.
dig +short cl.69.64.35.11.fr.reply.f2.telus.com.spf.nssi.telus.com
127.0.0.1

trying a few other values, it seems that telus.com is saying ALL IP addresses are allowed to send for it.

According to a Google spokesperson (via Mashable), they took action to fix this “spam campaign”:

We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident.

Https 2F 2Fblueprint api production s3 amazonaws com 2Fuploads 2Fcard 2Fimage 2F758660 2F3568f004 626f 433f b6e6 0f36c2b9922e

Image of Gmail spam email which appeared to be sent ‘via Telus’

Did your Gmail account send out any spoofing emails appearing from Telus?

Share:

Deals