Gmail Users Hit with Spam Emails Appearing From Telus

Over the weekend, Gmail users complained of spam filling up their inboxes, all of it appearing to be sent by Canadian wireless carrier Telus.

Google’s email product forums saw numerous users seeking help, as emails appeared in their Sent folders noting “via Telus”. Even those who changed passwords and had two-factor authentication enabled were affected.

The issue was fixed late Sunday, as a Telus spokesperson told iPhone in Canada in a statement:

We identified spam emails that were disguised to appear as if they came from telus.com. We can confirm the messages were not generated by TELUS, nor were they sent from our server. We worked with our 3rd party vendors to resolve the issue, and continue to advise our customers not to respond to any suspicious emails. https://www.telus.com/en/bc/support/article/identity-theft-fraud

When pressed for exact details on what had caused this issue, Telus did not provide any extra information, aside from the statement above.

One user named ryan-c on Hacker News attempted to break down what possibly happened:

Telus has this entry:
exists:CL.%{i}.FR.%{l}.F2.%{o}.spf.nssi.telus.com

Reading RFC 7208, that would be expanded to
exists:CL.69.64.35.11.FR.reply.F2.telus.com.spf.nssi.telus.com

which means that if any record exists at that name, it will pass.
dig +short cl.69.64.35.11.fr.reply.f2.telus.com.spf.nssi.telus.com
127.0.0.1

Trying a few other values, it seems that telus.com is saying ALL IP addresses are allowed to send for it.
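
The macro expansion walked through in the comment above, as an added Python example (not part of the quoted comment or the article), together with a check an administrator could run against their own exists: mechanism to see whether it resolves for arbitrary sender IPs. The sender address reply@telus.com, the probe addresses and the wildcard_zone resolver stub are constructed assumptions; a real audit would pass in a DNS lookup function instead.

```python
import ipaddress
import re

# RFC 7208 section 7.1 macro: %{letter[digits][r][delimiters]}, plus %%, %_ and %-.
# URL-escaping for uppercase macro letters is not implemented here.
_MACRO = re.compile(r"%\{([slodiv])(\d*)(r?)([.\-+,/_=]*)\}|%([%_\-])", re.I)
_LITERALS = {"%": "%", "_": " ", "-": "%20"}


def expand_spf_macros(spec, ip, sender, domain):
    """Expand the s, l, o, d, i and v macros of an SPF domain-spec."""
    local, _, sender_domain = sender.rpartition("@")
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        dotted = str(addr)
    else:  # IPv6 expands to dot-separated nibbles
        dotted = ".".join(addr.exploded.replace(":", ""))
    values = {
        "s": sender, "l": local or "postmaster", "o": sender_domain,
        "d": domain, "i": dotted,
        "v": "in-addr" if addr.version == 4 else "ip6",
    }

    def substitute(match):
        letter, digits, reverse, delims, literal = match.groups()
        if literal:
            return _LITERALS[literal]
        splitter = "[" + re.escape(delims or ".") + "]"
        parts = re.split(splitter, values[letter.lower()])
        if reverse:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        return ".".join(parts)

    return _MACRO.sub(substitute, spec)


def exists_accepts_every_ip(spec, sender, domain, resolve, probes):
    """True if the exists: target resolves for every probe address."""
    return all(resolve(expand_spf_macros(spec, ip, sender, domain))
               for ip in probes)


def wildcard_zone(name):
    # Constructed stand-in for a zone that answers every name beneath it.
    return ["127.0.0.1"] if name.lower().endswith(".spf.nssi.telus.com") else []
```

An exists: target that resolves for unrelated probe addresses gives an SPF pass to any sending host, which is the condition the comment describes.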

According to a Google spokesperson (via Mashable), they took action to fix this “spam campaign”:

We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident.


Image of Gmail spam email which appeared to be sent ‘via Telus’

Did your Gmail account send out any spoofing emails appearing from Telus?
