Spammers Hijacked Your Email?

Category: Email, Spam

A reader asks: 'Can you please help, somehow my email account got hijacked, and now all my friends are getting spam, from me! I am always careful with my password. How could this have happened, and what should I do?' Read on for the answer...

Did Spammers Really Hijack Your Email?

The first thing to do is relax. It's quite likely that your account wasn't actually compromised. Sometimes spammers use your email address without actually hacking into your email account. It is relatively easy to "spoof" an email address so that it appears a message is coming from one address when it was really sent from another.

(See Spammer Using My Email Address to learn more about how this can happen.)
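Spoofing usually leaves traces in a message's full headers. The following is an added example, not code from the original article, that checks a raw message for mismatches between the From address and the other sender fields, and reads the SPF/DKIM/DMARC verdicts that receiving mail servers record in the Authentication-Results header. All addresses and domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (all names and domains are placeholders, not from the article).
SPOOFED = '''\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.mailhost.example; spf=pass; dkim=none; dmarc=fail
From: "Alice Friend" <alice@friend-isp.example>
Reply-To: <offers@bulk-sender.example>
'''
LEGIT = '''\
Return-Path: <alice@friend-isp.example>
Authentication-Results: mx.mailhost.example; spf=pass; dkim=pass; dmarc=pass
From: "Alice Friend" <alice@friend-isp.example>
'''

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return the header-level warning signs found in one raw message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    findings = []
    # Display name shows one address while the real sender address is another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr.lower():
        findings.append("display-name-address-mismatch")
    # Envelope sender / reply address in a different domain than From.
    # Mailing lists and bulk-mail services also cause this, so it is a hint only.
    for header, tag in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            findings.append(f"{tag}-domain-mismatch")
    # Verdicts recorded by the receiving server; trust only the header your
    # own provider added, since a sender can insert a forged one.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results, re.I)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{mech}-{verdict}")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SPOOFED), spoof_indicators(LEGIT))
```

An empty result means none of these signs were found; a DMARC failure together with a mismatched Return-Path or Reply-To suggests the message did not come from the account named in the From line.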

If a virus scan shows nothing unusual, and you can still login to your email account with your password, then most likely no breach has occurred. But just to be safe, I recommend that you change your password, and for good measure, add two-factor authentication to your account. In the worst case, hackers can gain full access to your email account and major trouble ensues.

Email Hacked

It's common for a hacker to change your email password so that you cannot log in to your own account. Then they can raid your contact list to harvest valid email addresses to add to their spam list. Also, the hacker now has access to all of your saved email, which may include sensitive personal and financial information. If you've been locked out of your own email account, contact your ISP, or use the "can't access my account" link that appears on the login screen to recover.

An email account can be hijacked in a number of ways. Phishing attacks, in which a hacker subtly persuades a user to reveal login passwords, are a common hijacking technique. A message, purportedly from your bank or other trusted partner, may tell you that a "security check" requires you to respond with your password. Such claims are always bogus; legitimate organizations never ask you to reveal your password via email, phone, or other means. See Spear Phishing and Internet Security for more on that.

Many forms of malware (viruses, spyware, etc.) attack for the purpose of gaining access to your computer, in order to enslave it in a botnet and use it as a spam-spewing device. This can happen without you even knowing, until people from all over the world start accusing YOU of being a spammer! See my related article BOTNET ALERT: Are You Vulnerable? to learn more about botnets.

Keylogger spyware installed on your computer can record every keystroke you type and send the results to a remote operator who can then read your password from the log file. There are several ways to detect and defeat keyloggers.

Password Safety Tips

Using the same password on multiple online accounts leaves all of them open to hijacking if just one account is penetrated. Be sure to use unique passwords on email, Facebook, eBay, online banking and other accounts. Storing passwords to other accounts in one place leaves you vulnerable in a similar way. If one account is hacked, a search through data stored there can yield several other passwords.

Failing to log out of an account when you've finished a session makes it easy for anyone who has access to the computer you used to hijack your account. Always log out of accounts accessed from shared computers, such as those in libraries, schools, Internet cafes, etc. A browser's auto-fill forms feature may reveal your password to someone who uses the same computer you use.

Password guessing is a brute-force hacking method that employs software to try random passwords until one works. Many email accounts go into "lock down" mode after a few failed password attempts, but if yours does not, it's possible to get hijacked in this way. If you have a very weak or predictable password, it makes the hacker's job that much easier. See my article Is Your Password Strong Enough? for tips on choosing a strong, secure password.

Server-level attacks against email providers, online stores, or financial institutions go after the password database, attempting to crack its security and harvest thousands or millions of email addresses and passwords in one swoop. There's not much you can do to prevent this type of attack except to host email only with a reputable service provider who pays attention to security, and use a secure password.

Network packet monitoring software can sniff out passwords sent over unsecured wireless connections. You should be aware of this type of attack if you use free wifi in a coffee shop, airport, hotel, etc. Use encrypted (https) connections when logging in or emailing over unsecured public wireless networks. My related article The Big Problem With Free Wifi Hotspot has some helpful tips on how to stay safe while surfing in Starbucks.

Has your email account ever been hacked? Post your comment or question below...


This article was posted by on 16 Mar 2017


Most recent comments on "Spammers Hijacked Your Email?"

Posted by:

16 Mar 2017

A quick check for spoofed email is that it frequently has a name and an email address that don't match.
I frequently see email that has a friend's name on it but a totally spammy looking address behind it.

Posted by:

16 Mar 2017

I have had my AOL account since 1996 (May be off a year or two). During that time I have had my email address and email contact list hacked about 5 times. 3 of the earlier hacks involved everyone on my email list being sent information on ordering erectile dysfunction medication.

After the 3rd time I deleted 90% of the e-mail contacts that had been growing automatically, year by year. I now have only 20 permanent e-mail contact addresses and those people all recognize hacked email when they get it.

I also change my AOL password every 6 months.

Posted by:

16 Mar 2017

I use most of the free apps you mention in the linked article "detect and defeat keyloggers" and I was wondering if the advice in one of your recent articles "How To Eliminate 94% of Windows Vulnerabilities Easily" would help here too.

I am still trying to get my head around all the info in that article but I definitely see the sense in not logging on as administrator unless I have to.

Re: your comment on using a computer that others also use, it may be prudent to set up the browser so that ALL info, cache, cookies, logins, history etc. .. everything .. is deleted automatically upon closing the browser.

Posted by:

16 Mar 2017

A common thing that happens is that an email that has your email address in it (it may have been sent to you or cc'd to you or ...) is acquired by a spammer. (Maybe one of your friends' email was hijacked or various other ways the spammer gets an email with your email address in it.)

Now the spammer starts sending spam that appears like it came from one of the people in that email and sends it to the other people in that email. So people get a spam email that appears to come from one of their friends.

As has already been mentioned above, anyone can spoof an email so that it appears to have come from anyone.

And as Bob mentioned, it is actually relatively rare that your email account gets hijacked. If you are suspicious, change your password. Also use two factor authentication if you can.

Posted by:

Howard Spencer
16 Mar 2017

Great article Bob. I had something similar happen to me some years ago. I had moved residence and was without internet for a period of time. The next thing I knew I was getting phone calls from friends asking me why I was sending them all kinds of junk emails. I got internet again and found my email account was crammed full of all kinds of garbage. After cleaning it out the problem went away so anyone this happens to shouldn't worry too much.

Posted by:

Robert A.
16 Mar 2017

I think it's important not to give out one's email address willy-nilly to those small block ads that so often appear, oftentimes on the bottom or sides of legitimate mailings and blogs from authors and companies to which one subscribes. These ads may be from outfits that one might not typically recognize as a well known or respected brand name, and may try to lure one to enter a so-called "sweepstakes" offering large amounts of cash or other valuable prizes.

Advertisers such as these may use the names and logos of famous companies and brand names, without authorization, to try to trick the reader-subscriber into believing that the contest or sweeps is somehow affiliated with or sponsored by the well-known company.

Clicking on such ads is really an attempt to get email addresses, under the guise of a glitzy but rigged contest, that likely no one ever wins. Such companies are not likely to post privacy policies, which one is likely to find at the bottom of any legitimate commercial email, or to promise not to share collected email addresses with other advertisers. Supplying one's email address to these scammers will most likely result in a flood of unrelenting, questionable spam that may be very difficult to stop.

Posted by:

Bob k
16 Mar 2017

I've been hit by a different kind of hijacking, and don't know how to solve it. I have had an email address for close to 20 years, and for a long time that was the only one I had. It is still used by a few legitimate companies where for various reasons I maintain it.

A certain individual has handed out my email address to many places that ask for an email address. From what I understand he is completely computer illiterate, and doesn't have a computer. I have asked him to stop giving out my email address, and made this request to his wife, who apparently may do the same thing. This crap continues.

I have successfully succeeded in getting myself off some of the emailing lists of the companies where he has given my email address. But others (like his congressman) I am not able to get thru to.

I don't know if his activity is illegal in any way -- he lives in a different state.

My ISP tells me there is no way he can be reading those emails destined for him, and I have changed my password several times. And they tell me there are no other email addresses they have that are similar to mine.

How do I handle this?

Posted by:

Peter B.
16 Mar 2017

I got hacked by a guy named Toxic several years ago because I was not paying attention..... some site asked for my name and password although I never set an account up..... the light appeared as I clicked send..... two days to get my account back

Posted by:

16 Mar 2017

I have been getting email with subject lines that indicate they are p**n. AOL marks them as spam and I do not open. Annoying. Now I am getting email from reputable companies with subject lines indicating my "rewards" are expiring. AOL also marks those as spam and I don't open. This started after a friend sent me several gift cards, which I have not used. Apparently she got "rewards" for buying them and may have had to give my email address. Lesson: Beware of giving gift cards that involve rewards.

Posted by:

Bob K
16 Mar 2017

Before you open anything that is the least bit suspicious, take a peek at the full headers. If the email originated in some far off country, beware! Not very many companies use email services like Yahoo or Gmail.

Regardless of who sent you an email, one that arrives with no subject line, and just a link for you to go to with no explanation -- that should turn your suspicions up to high!

Posted by:

16 Mar 2017

I understand about spoofing. What I don't understand is how the spoofer gets the email address book of someone without hacking their email account. So, when I get spam supposedly from a contact of mine, how did they make the connection between the 2 of us without that?

Posted by:

Bob k
17 Mar 2017


One way is thru emails that get forwarded on to others. Say you get an email that says you must forward it on to everyone in your address book, so you do. That exposes you (in the FROM address) and a whole bunch of probably valid email addresses in the TO or CC addresses. When that gets on to someone harvesting addresses, they have hit pay dirt.

When you forward email on, do two things. (1) Edit out of the body all email addresses from previous forwarders. (2) Use BCC for the people you are sending on to.

Posted by:

Allan Brunner
17 Mar 2017

It happened to me about 8 years ago. I'm 99% sure it happened when I used an internet café, because my laptop was in for repair, even though I logged out. I discovered it because when I got my laptop back, I couldn't send emails because my daily limit had been reached and saw all the spam emails in the sent folder. This was also before I had a smart 'phone.

Now I have 2 separate email providers (to help get back in in case it happens again), a very strong password and never use internet cafes. At home I unplug from the internet when I'm not using it thereby minimising the opportunity for anyone to hack.

Posted by:

17 Mar 2017

This has nothing to do with the article but I did want to say Happy Birthday to a very helpful fellow!

Posted by:

17 Mar 2017

Just tried to order the iDrive for $39....won't let me, guess they are sold out.


Copyright © 2005 - Bob Rankin - All Rights Reserved

Article information: AskBobRankin -- Spammers Hijacked Your Email? (Posted: 16 Mar 2017)