A strange spam attack that spoofs senders themselves is affecting Gmail users Sunday.

Google LLC itself describes it as a “small subset of users” but may be more widespread. The first indication of something strange is Gmail users receiving inbox messages that are tagged as coming from “me” with various messages, making it appear as if the user themselves have sent the message.

Only when opening the email is the affected user informed by Google that “It seems to be a fake ‘bounce’ reply to a message that you didn’t actually send.” As The Verge noted, the messages appear to be routed through Canadian internet service provider Telus, and because the messages appear to be coming from the same user, Gmail in some cases is filing the message into affected users’ sent folder.

Given the unusual nature of the campaign, at least some Gmail users are concerned that they have been hacked. A Mashable writer thought it was their account that had been compromised, despite having two-factor authentication enabled, and so did a number of people on Google support threads.

In a statement to 9to5Google, Google said that they were aware of the spam campaign and have actively taken measures to protect against it, including identifying and reclassifying all offending emails as spam. Users “have no reason to believe any accounts were compromised as part of this incident,” the statement noted.

Although Google described the spam campaign as affecting only a “small subset of users,” this writer not only received the spam emails but also saw many other people either directly or by association encounter the same problem.

The good news is that Google has applied the filters per the statement with no more strange spam emails coming through. But if the incident proves anything, it’s the importance of remembering that even services we expect to be safe from hacking and spam remain vulnerable despite the best intentions.

Image: notoriousxl/Flickr