This morning, I woke up to find my Gmail account sent out hundreds of sketchy emails within a few minutes. These emails were generic spam with PDFs attached, and I definitely didn't write them. I've checked my Google account activity and saw no new devices or strange IP addresses. I have two-factor authentication enabled and changed my password right away. There are no suspicious third-party apps linked to my account either. I haven't clicked on any odd links or installed anything recently. I'm really confused about how this could happen. Could someone be spoofing Gmail's API or sending emails from my account without a new login? Any insights would be greatly appreciated, as this is freaking me out!
2 Answers
It could be someone misusing app access. I recommend removing all connected apps from your Google account, even the trusted ones, and changing your password again to be safe.
Just a heads up, sending emails through Gmail's SMTP doesn't require two-factor authentication, so it’s possible it was done with an app password. You can search for 'app passwords' in your Google Account settings to check for any you aren’t aware of and remove them if needed.
If it was a spoofed SMTP, it wouldn't appear in your outbox, right?
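The thread's open question is whether the spam was submitted through the account (for example with an app password over SMTP) or merely carried a forged From address. The following is an added example, not part of the original thread: it reads the `Authentication-Results` header of a bounce or a recipient's copy and classifies the message. The sample headers, the host `mx.example.net`, and the function names are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers (not from the thread), as a receiving server
# might record them for a bounce or a recipient's copy of the spam.
SENT_VIA_ACCOUNT = (
    "Authentication-Results: mx.example.net;\n"
    " dkim=pass header.i=@gmail.com;\n"
    " spf=pass smtp.mailfrom=user@gmail.com;\n"
    " dmarc=pass header.from=gmail.com\n"
    "From: User <user@gmail.com>\n"
    "Subject: Invoice\n\nbody\n"
)
SPOOFED_FROM = (
    "Authentication-Results: mx.example.net;\n"
    " dkim=none;\n"
    " spf=softfail smtp.mailfrom=user@gmail.com;\n"
    " dmarc=fail header.from=gmail.com\n"
    "From: User <user@gmail.com>\n"
    "Subject: Invoice\n\nbody\n"
)

def auth_verdicts(raw):
    """Return dkim/spf/dmarc results plus the DKIM and From domains."""
    msg = email.message_from_string(raw)
    # Only the topmost Authentication-Results header, added by the
    # receiving server, is trustworthy; lower ones can be forged.
    top = (msg.get_all("Authentication-Results") or [""])[0]
    header = " ".join(top.split())  # unfold continuation lines
    found = re.findall(r"\b(dkim|spf|dmarc)=(\w+)", header)
    verdicts = {name: result.lower() for name, result in found}
    m = re.search(r"header\.[id]=(?:[^@\s;]*@)?([\w.-]+)", header)
    verdicts["dkim_domain"] = m.group(1).lower() if m else None
    addr = parseaddr(msg.get("From", ""))[1]
    verdicts["from_domain"] = addr.rpartition("@")[2].lower()
    return verdicts

def classify(raw):
    """'sent-through-provider' if the provider signed it, else 'spoofed-from'."""
    v = auth_verdicts(raw)
    aligned = v.get("dkim") == "pass" and v["dkim_domain"] == v["from_domain"]
    if aligned or v.get("dmarc") == "pass":
        return "sent-through-provider"
    return "spoofed-from"
```

A `sent-through-provider` result means the provider signed the message, which points to account access such as the app password mentioned in the answer above; `spoofed-from` means only the From address was forged.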