By Leo Notenboom
Hi,somebody is sending emails to my contacts using my email address to which
I haven’t sent. How can this be? Have I been hacked into? I do have full
internet security avg 9,could you please let me know what action to take if any
as I find this quite worrying! I have changed my password so far, but that is
You should be worried.
I’m not sure that I’d say you’ve been “hacked into”, but my guess is that
your email account has indeed been compromised.
I’ll look at what likely happened, why this isn’t like other “Someone’s
sending from my email address!” kind of issues, and what steps you need to take
The big clue here is that email is being sent from you to contacts
in your address book.
unauthorized address book access.”
In the “old days”, that typically meant that your computer had acquired a
virus, and that virus was in turn accessing your PC’s email program and
systematically sending email to everyone in your contact list or address
While that’s still a possibility – and you should absolutely make sure that
your anti-malware tools are running and up to date – it’s not nearly as common
as it once was. Most email programs now carefully protect against unauthorized
address book access.
What more likely occurred is that your email account has been compromised
– meaning that you probably have an on-line email account, free or otherwise, that
someone has gained access too. By virtue of doing so they now have access not only
to your email, but to your address book as well. It’s all too common these days to hear
of folks whose accounts have been compromised only to have all their friends
get inundated with spam, threats, malicious emails or messages that try to
impersonate you and scam your contacts out of money.
How this happened is difficult to say. It could be anything from a weak
password that’s easy to guess, to your account credentials being sniffed in an
open WiFi hotspot, to your simply having shared the account information with
someone you should not have.
For all we know, it could also be a roommate walking up to your computer
when you’re not using it and sending messages right then and there.
(And for the record, last year there was a partial account compromise at one
of the larger free email services – account credentials were stolen without the
users having done anything wrong. Same result.)
I’ve talked before about email that appears to come from you, but in fact
does not. This is different. Specifically:
Spam email is sent to random people you don’t know, “spoofing” the From:
address to make it look like it comes from you when it does not. There is
almost nothing that can be done about this.
Email from stolen accounts is sent to people in your address book,
and is not spoofed at all – it really is coming from your account. It’s just
not you sending it.
[This post is excerpted with Leo’s permission from his Ask Leo blog.]
Leo Notenboom has been involved in the tech industry for nearly 30 years. After retiring from an 18 year career as a Microsoft Software Engineer Leo went on to create Ask Leo!, a free web site where he answers real questions from ordinary computer users.
FaceBook URL: Leo’s Facebook
Twitter URL: http://twitter.com/askleo
1,638 total views, 1 views today