Google seems to give no protection from known spam-generating apps that are allowed to sneak into Security and take for themselves “permission” to access your google mail account and contact list.
So, if you received a suspicious spam gmail - even from someone you know - and a spamming app glommed onto your gmail account/contacts and started sending faux emails to your contacts, here’s something you can do.
Even if this has not yet happened to you, you may want to look in Security in your gmail account to make sure that only trusted apps have been given permission to use your gmail account.
One of the known culprits is "IQ Elite”. It gets in via a gmail message to you. Once in, it has access to your contacts and starts sending emails to your contacts - pretending these emails are coming from your email account - mentioning you by name - and asking the receiver of the gmail to click on a link. If they do, then their contact list becomes accessible to IQ Elite.
These are the recommended steps to take:
Step 1: Change your gmail password
Step 2: Remove the culprit’s cookies
Step 3: And this, I think is important for all gmail users to do because you can find out who/what has permission to access your gmail account and your contacts:
Go to http://google.com/... (log in if required), click “Security”, under “Connected applications and sites” click “Manage access” and if it’s there, revoke access for Flipora and other services you don’t trust.
http://emmanuelcontreras.com/...
Thanks to Emmanuel Contreras for helping people to do what I think should be Google’s job - namely to block permission to known Spammers to access gmail accounts and contact lists.