On Thursday, Adobe announced that hackers had broken into its systems, stealing some of its source code and stealing information on some 2.9 million customers.
Adobe’s security team said that it was contacting customers via email to tell them how they can change their passwords, as well as sending letters to those who had credit card information exposed.
It’s somewhat disappointing then to discover that Gmail, one of the world’s most popular webmail providers, is mistakenly blocking Adobe’s warning as spam.
Here’s how the message, sent by Adobe Customer Care with the subject line “Important Password Reset Information”, appears in Gmail’s spam folder.
Google has added the (incorrect) warning that users should be cautious of the email:
Be careful with this message. Similar messages have been used to steal people’s personal information. Unless you trust the sender, don’t click on links or reply with personal information.
It’s not clear quite why Gmail has mistaken this legitimate email from Adobe as spam, but clearly the Google service has misidentified it as an attempt to phish details from users.
Possibly a lot of Gmail users have received the message and mistakenly flagged it as spam, tricking Gmail’s systems into believing that the message is bogus.
It’s just speculation on my part, but I wonder if Gmail would have thought the email less suspicious if each message had been customised with the recipient’s name in its body (“Dear Graham Cluley”) rather than identical generic wording?
Of course, users *should* be wary of the email. And indeed *any* other email telling them to visit a webpage to reset their passwords. After all, there *are* plenty of phishing messages which might attempt to trick you like that.
But this wasn’t one of them.
Gmail users who have accounts at Adobe might wish to check their “spam” folder, but if you can’t be bothered to go hunting here is the link to reset your Adobe password: www.adobe.com/go/passwordreset