Email spoofing is when the sender of an email, typically spam, forges (spoofs) the email header "From" address so the email appears to have been sent from a legitimate email address that is not the spammer's own address.

Spammers do this to trick spam filters into allowing the email through by using a reputable email address. This would be one way your friends and family would see spam emails from you in their Inbox, rather than their spam folder.

They also do it to prevent the bounce-back emails from being received in the spammer's own inbox. Spammers may send their spam out to thousands of email addresses, and inevitably a lot of those emails are going to bounce. Since spammers don't want to receive hundreds of bounce-back messages, this prevents that from happening.

Email spoofing is more common with email accounts that are not actively used. If the account is used on a daily basis, there's a higher chance that your account might have been compromised by malware or a virus.

While there is no fool-proof way to prevent either type of abuse to your email address, you could adopt some "best practices" when it comes to your email security:
Change your password frequently. Always run full virus scans on your computer (at least once a week).
Avoid including your email address in online blogs and posts. Try using (at) and (dot)com instead of @ and .com to prevent malicious automations from harvesting your address.
Avoid using your primary email account for everything online. If you are signing up for something like a mailing list, contest, application form, or something similar, use a free throwaway email account like Gmail or Hotmail, something you don't mind deleting if it gets abused. Only use your primary email to communicate with people you know or trust.

There's a bucket-load of issues here, and quite frankly an awful lot of confusion. This can be a very frustrating situation, but what happens next, if anything, depends on what's really going on.

Is it really you?

First, I have to ask: how do you know that it's your account being used to send spam? What's incredibly important is to realize that just because the spam says it's from your email address, that doesn't necessarily mean that the spam was actually sent from your account. Spammers can fake the From address. It's very easy to do. That means that they can make an email message look like it came from you or me without ever having to access our accounts.
They don't have to hack anything. It's trivial. So, the first thing is: never assume that spam with your email address in the From line actually came from you. In most cases, it actually hasn't.

How do you tell for sure? Well, there are two ways.

Is the spam in your sent mail folder? If it is, then yes, your account has been hacked and it was used to send spam. There's clear evidence. Of course, hackers can and often do delete the sent mail, so finding no spam in your sent mail doesn't rule out a hack.

The other approach is to look at the headers of the spam messages themselves. Now, I'm not talking about the simple headers, like the From line, that you see by default in most email programs, but the full list of headers that geeky people, like me, look at. If you "view original" in Gmail on a message, you'll see them. Or in Outlook, look in the Advanced Properties of the message, I believe. And of course there are other ways on other mail services and programs to take a look at these full message headers. Someone knowledgeable about what to look for can look at those headers and determine if indeed the message came from your actual email account, or if it's just a spammer faking the From address.
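The header check described above, as an added example that is not part of the original article: it reads a message's full headers and compares the From domain with the bounce address and with the SPF/DKIM/DMARC verdicts recorded by the receiving mail server. The sample headers are constructed, and the server name mx.recipient.example is an assumption standing in for your own provider's mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the article). The From line claims
# example.com, but the receiving server's own checks say otherwise.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Received: from mailer.invalid (mailer.invalid [203.0.113.7])
 by mx.recipient.example; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
Authentication-Results: sender-added.invalid; dmarc=pass
From: Alice <alice@example.com>
Subject: hello
"""
LEGIT = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
Subject: hello
"""

def domain(header_value):
    """Domain part of the address in a From/Return-Path header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_authserv="mx.recipient.example"):
    """Return (from_domain, verdicts, reasons_to_suspect_spoofing)."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    verdicts = {}
    # Only believe Authentication-Results stamped by our own mail server;
    # anything else could have been typed in by the sender.
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";")[0].strip().lower() == trusted_authserv:
            verdicts.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()))
    reasons = []
    if verdicts.get("dmarc") != "pass":
        reasons.append("DMARC did not pass for " + from_dom)
    if env_dom and env_dom != from_dom:
        reasons.append("bounce address is at " + env_dom)  # a hint, not proof
    return from_dom, verdicts, reasons
```

An empty list of reasons means the message really did pass through the From domain's mail system, which is what you would also see if the account itself had been hacked and used to send the spam.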
Given what you've described, I think it's most likely that a spammer faked the From address without accessing your account.

So, what do you do if they're sending email that looks like it came from you but your account was never involved? You can do absolutely nothing. It is completely out of your hands since you and your account were never actually involved. Let your friends know that it's not you, it's not your account; and get on with your life.

If your account was involved, things get more interesting. You need to change everything in that account that could be used for password recovery. That means the passwords and the secret questions, like you mentioned. It also means confirming that the associated mobile number or alternate email address is what you expect it to be. You even need to check whether the hacker added automatic forwarding or message-processing rules that would still allow them into your account. You need to check it all. As long as one tidbit remains that the hacker could use to regain access by faking a lost password recovery, he will.

And about your contacts: as long as the contacts came from your online address book, and you're really, really certain about this, then it's possible that your account has been compromised at least once.
The problem is that now the cat's out of the bag. All the hacker needed to do at that time is make a copy of your contacts, exporting the entire list perhaps. Then no matter what you do with the account after that, he still has that list. He can still send fake email to look like it comes from you and send it to that list. Once again, there's nothing that can be done about this either, other than making sure you can completely recover your account and secure it properly. Once the hacker has your contact list, he has your contact list forever.

Email account theft is rampant. If it happens to you, there are several steps that you need to take not only to recover your account, but to prevent it from being easily hacked again.

Email spoofing is rampant. Spammers often send email that looks like it came from you. And there's little that you can do about it.