Help, Spammers Hijacked my Email Account!

Category: Email , Spam

A desperate reader asks: 'Can you please help me, somehow my email account got hijacked, and now all my friends are getting spam, FROM ME! I am always careful with my password. How could this have happened, and what should I do?' Read on for the answer...

Did Spammers Really Hijack Your Email?

The first thing to do is relax. It's quite likely that your account wasn't actually compromised. Spammers can use (or abuse) your email address without actually hacking into your email account. It is relatively easy to "spoof" an email address so that it appears a message is coming from one address when it was really sent from another.

Spammers don't like to poke their pointy little heads out from under the rocks where they live, so they try to divert attention from themselves by making it look like someone else sent the message. They use high-volume mail merge software that picks an address at random from their database of addresses, and inserts it into the FROM line of outgoing emails.

If a virus scan shows nothing unusual, if you can still login to your email account with your password, and you see nothing amiss in your Sent folder, then you can safely assume no breach has occurred. In such a case, you can explain to your angry friends that it was the work of an Evil Spammer who forged your address. If they give you flack, tell them to examine the "Received" lines in the email headers (most email programs let you view the headers if you poke around in the options) and they (or their Internet provider) can confirm that the email was not actually sent by you.

Email Hacked

So there's no breach of your inbox, and your friends are satisfied that you've not joined the dark side. You can breathe a sigh of relief. But just to be safe, I recommend that you change your password, update the security question (if your account still uses it), and turn on two-factor authentication. In the worst case, hackers can gain full access to your email account and major trouble ensues.

It is possible for a hacker to change your email password so that you cannot log in to your own account. Then they can raid your contact list to harvest valid email addresses to add to his spam list. Also, the hacker now has access to all of your saved email, which may include sensitive personal and financial information. But it's more likely that a hacker will NOT change the password, to avoid the obvious red flag that would send. If you've been locked out of your own email account, contact your ISP, or use the "can't access my account" link that appears on the login screen to recover.

An email account can be hijacked in a number of ways. Phishing attacks in which a hacker subtly persuades a user into revealing login passwords are a common hijacking technique. A message, purportedly from your bank or other trusted partner, may tell you that a "security check" requires you to respond with your password. Such claims are always bogus; legitimate organizations never ask you to reveal your password via email, phone, or other means. See Spear Phishing and Internet Security for more on that.

Some forms of malware (viruses, spyware, etc.) attack for the purpose of gaining access to your computer, in order to enslave it in a botnet, and use it as a spam spewing device. This can happen without you even knowing, until people from all over the world start accusing YOU of being a spammer! Keylogger spyware installed on your computer can record every keystroke you type and send the results to a remote operator who can then read your password from the log file. There are several ways to detect and defeat keyloggers.

Password Safety Tips

Using the same password on multiple online accounts leaves all of them open to hijacking if just one account is penetrated. Be sure to use unique passwords on email, Facebook, eBay, online banking and other accounts. Storing passwords to other accounts in one place leaves you vulnerable in a similar way. If one account is hacked, a search through data stored there can yield several other passwords.

Failing to log out of an account when you've finished a session makes it easy for anyone who has access to the computer you used to hijack your account. Always log out of accounts accessed from shared computers, such as those in libraries, schools, Internet cafes, etc. A browser's auto-fill forms feature may reveal your password to someone who uses the same computer you use.

Password guessing is a brute-force hacking method that employs software to try random passwords until one works. Many email accounts go into "lock down" mode after a few failed password attempts, but if yours does not it's possible to get hijacked in this way. If you have a very weak or predictable password, it makes the hackers job that much easier. See my article Is Your Password Strong Enough? for tips on choosing a strong, secure password.

And then there are data breaches. Attacks against high-profile websites go after the password database, attempting to crack its security and harvest thousands or millions of email addresses and passwords in one swoop. In some cases, this information is left completely unprotected by incompetent IT personnel. There's not much you can do to prevent this type of attack except to host your email account with a reputable service provider who pays attention to security, and use a secure password.

Network packet monitoring software can sniff out passwords sent over unsecured wireless connections. You should be aware of this type of attack if you use free wifi in a coffee shop, airport, hotel, etc. Use encrypted (https) connections when logging in or emailing over unsecured public wireless networks. My related article [DANGER] Free Wifi Hotspots Can Be Risky has some helpful tips on how to stay safe while surfing in Starbucks.

As I mentioned above, the very best thing you can do to improve the security of any online account is to use two-factor authentication. See my article IMPORTANT: An Extra Layer of Security to understand two-factor authentication, and how it can protect you even if someone has (or guesses) your password.

So to recap, if your friends are asking why you sent those nasty emails, it's almost certain that you didn't. Check your email account for any signs of tampering, run a malware scan, and tighten up your inbox security. Tell your friends to use the DELETE button, and the problem will resolve itself soon enough.

Has your email account ever been hacked? Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 2 Apr 2019

For Fun: Buy Bob a Snickers.

Prev Article:
The Best Upgrades for Old Computers?

The Top Twenty
Next Article:
Geekly Update - 03 April 2019

Most recent comments on "Help, Spammers Hijacked my Email Account!"

Posted by:

David Solomons
02 Apr 2019

Also worth mentioning I think, after the big yahoo hack it seems hackers are finding your correspondents' addresses - presumably through some dark web sale. Obviously, you have no control over this and changing your password after the yahoo theft will have no effect on this, because the horse has already bolted. I try to explain this to people who complain, but some simply don't understand the lack of control we have over this and continue to blame us.

Posted by:

02 Apr 2019

I don't agree with your very first comment Bob. In my case they DID hack my Yahoo account (two of them both companies selling sex chemicals from Canada)took 50% each of my Contact List the majority of whom contacted me back and asked why.....?

Yahoo know your online location History - I know because I checked it after this - the two criminal companies were the only two servers of the thousands of listed Indonesian origins without exception. Surely Yahoo has an algorithm to spot this sort of intruder ? BECAUSE Yahoo is quick to tell you that you are using a VPN from Roumania for example.

By he way - someone tell Yahoo the new Format stinks and is so slow as to be going backwards writing emails sometimes hahaha. PLEASE BRING BACK CLASSIC

Posted by:

top squirrel
02 Apr 2019

Quick tip to ascertain your email has just been hacked.
Put an entry on your contacts email list that, if used, will bounce right back to you.
Say: Aaaaaa
If you ever get an email in your box addressed to Aaaaaa, you'll know right away.
Of course, don't use this if your name really is Aaaaaa.
If this is useful to you, feed your neighborhood squirrel. They are just trying to make a living and few of them have ever hacked an email account.

Posted by:

02 Apr 2019

I did use Yahoo for my email at one time. However, it was literally years ago, around the late '90s and early 2000s. I literally was tired of all the SPAM that I got using Yahoo. It was the same thing when I used AOL to connect to the Internet!

Right now, I am using AT&T email service, since my Internet connection is through AT&T. They at least seem to be doing a fairly good job of eliminating SPAM in your Inbox.

I found that when I was getting a lot of SPAM ... My friends would tell me. I learned that it wasn't necessarily my email server that was doing it ... But people at that time were continually forwarding emails to their friends and the SPAMMERS were getting legit email addresses through all of the forwardings that people were doing at that time!!!

They were getting the list of email addresses from all of the forwarding that was being done at that time. Today people rarely use email to pass on information ... They are using Facebook, Twitter, Instagram and so on. I know that it is a very rare occasion that I get an email from a friend or family member these days. I mostly get news feeds, places of interest to me like United With Israel, Make Tech Easier, The Windows Club and so on.

So, I really don't worry about Hackers getting my email address and SPAMMING like they use to do. There are no contacts in my email address book, so what could they find anyway?

What I want are email servers to truly recognize the Phishing emails!!! Phishing is truly causing all sorts of headaches, as well as heartaches, for individuals that click on the "blue links" provided in their emails!!! Too many people don't know how to recognize a Phishing email in the first place. I have been most fortunate in recognizing them. The first one I ever received was an email supposedly from Regions Bank ... I have never had an account with that financial bank. My youngest daughter did along with her husband ... But never for me.

I finally figured out how they got my email address ... I believe that it came from some of the emails of my daughter to me. I can't prove that but I do think I am on the right trail to how I got my first Phishing email. Since then I have learned more on how to recognize a Phishing email and I have had several every once in a while.

So hacking my email address after having it for almost 20 years is the least of my problems with my computer. I am more worried about Hackers getting to my computer to check out my LastPass and Roboform programs. Both of these have important information within them. Anyone who uses any brand of Password Manager will feel the same. This is why a good Anti-Virus/Malware program is essential to protect your computer!!!

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- Help, Spammers Hijacked my Email Account! (Posted: 2 Apr 2019)
Copyright © 2005 - Bob Rankin - All Rights Reserved