By Leo Notenboom
Hi,somebody is sending emails to my contacts using my email address to which
I haven’t sent. How can this be? Have I been hacked into? I do have full
internet security avg 9,could you please let me know what action to take if any
as I find this quite worrying! I have changed my password so far, but that is
all.
You should be worried.
I’m not sure that I’d say you’ve been “hacked into”, but my guess is that
your email account has indeed been compromised.
I’ll look at what likely happened, why this isn’t like other “Someone’s
sending from my email address!” kind of issues, and what steps you need to take
next.
The big clue here is that email is being sent from you to contacts
in your address book.
unauthorized address book access.”
In the “old days”, that typically meant that your computer had acquired a
virus, and that virus was in turn accessing your PC’s email program and
systematically sending email to everyone in your contact list or address
book.
While that’s still a possibility – and you should absolutely make sure that
your anti-malware tools are running and up to date – it’s not nearly as common
as it once was. Most email programs now carefully protect against unauthorized
address book access.
What more likely occurred is that your email account has been compromised
– meaning that you probably have an on-line email account, free or otherwise, that
someone has gained access too. By virtue of doing so they now have access not only
to your email, but to your address book as well. It’s all too common these days to hear
of folks whose accounts have been compromised only to have all their friends
get inundated with spam, threats, malicious emails or messages that try to
impersonate you and scam your contacts out of money.
How this happened is difficult to say. It could be anything from a weak
password that’s easy to guess, to your account credentials being sniffed in an
open WiFi hotspot, to your simply having shared the account information with
someone you should not have.
For all we know, it could also be a roommate walking up to your computer
when you’re not using it and sending messages right then and there.
(And for the record, last year there was a partial account compromise at one
of the larger free email services – account credentials were stolen without the
users having done anything wrong. Same result.)
I’ve talked before about email that appears to come from you, but in fact
does not. This is different. Specifically:
Spam email is sent to random people you don’t know, “spoofing” the From:
address to make it look like it comes from you when it does not. There is
almost nothing that can be done about this.
Email from stolen accounts is sent to people in your address book,
and is not spoofed at all – it really is coming from your account. It’s just
not you sending it.
Is Changing Your Password Enough?
[This post is excerpted with Leo’s permission from his Ask Leo blog.]
Leo Notenboom has been involved in the tech industry for nearly 30 years. After retiring from an 18 year career as a Microsoft Software Engineer Leo went on to create Ask Leo!, a free web site where he answers real questions from ordinary computer users.
FaceBook URL: Leo’s Facebook
Twitter URL: http://twitter.com/askleo
1,765 total views, 1 views today
How unfortunate that the long winded response did not answer the need to know how this happenned nor how to prevent it.
Hi Leo
I had an e-mail from a lady, and added at the top of the page was an advertisement from a Canadian Pharmacy selling Viagra, &c.
I sent her a copy of your solution and and she sent me back an email. Your answer cleaned her system.
Hi. The same thing has happened to me. The first thing i knew was an email from my main account to my secondary account. It did not have my secondary account as the delivery address there was no address but had my main accout as sender. It told how great the iphone i had supposedly just received was, badly spelt with several gramatical errors. I looked in my main account sent box, it had not been sent from there. So i opened a folder sent that email into it. I checked with my friend and he had received the same email but he realised that it was not from me by the errors. He contacted others who we knew and i texted by phone to warn the rest. It appears to download the sent box addresses as they were the only ones that received mails. It is strange because this is a new HP Pavilion DV3-2310ea Windows 7 x 64 bit. I am having problems with Bluetooth File Transfer Wizard, i cannot transfer files and compatability will not cure it, Samsung Mobile have said there is no drivers for 64bit yet. I have tried to point his out to microsoft but there is no way i can. So i contacted HP technical assistance by email to see if they counld help or put it to whoever could cure the Bluetooth prob. I received an email badly written with spelling and gramatical errors giving me website addresses to go to and get the drivers from, so i tried but there was none. It wasn’t untill after i received the strange email that and had the probs that i realise it may have not been from HP or the websites are false as there is strange similarities to the problem mail.. I have changed all my passwords and it seems to have cured it. Now that i see more people have suffered from this i will point my fears out to HP by landline hopefully to their customer services in the uk. As soon as possible.
this also happened to me with windows live mail and when I went to their support site,it appeared that it was happening to a lot of hotmail clients. I removed my hotmail account from windows live mail,only logged into hotmail from web site and changed password. I waited a month and added hotmail account back to windows live mail and have not had a similar occurance.
I had a friend that this happened to. We were all getting emails from her with strange people’s names in the subject line. We would not open them. They were very suspicious. She finally just changed her email server. What a pain for her.
This happened to me once when I opened a PowerPoint chain-mail from a friend. Some code in that presentation must have bypassed security and gone right to my Outlook Addressbook. Most embarassing for an IT retiree to send junk mail to his ex!
Needless to say, I NEVER open PowerPoint stuff anymore.