Was Your Email Account Just Hijacked?

Category: Email, Spam

A concerned AskBob reader asks: 'Please help... I think my email account got hijacked, and now all my friends are getting spam, FROM ME! I am always careful with my password and online activities. How could this have happened, and what should I do?' Read on for my answer...

Did Spammers Really Hijack Your Email?

The first thing to do is relax. It's quite likely that your account wasn't actually compromised. Unfortunately, spammers can misappropriate your email address without actually hacking into your email account. It is relatively easy to "spoof" an email address so that it appears a message is coming from one address when it was really sent from another.

Spammers don't like to poke their misshapen heads out from under the rocks where they live, so they try to divert attention from themselves by making it look like someone else sent the message. They use high-volume mail merge software that picks a name and address from their database, and inserts it into the FROM line of outgoing emails. How do they get your email address in the first place? Sadly, we read about massive data breaches all the time, where millions of customer records are exposed and sold on the dark web. That's the most likely place for spamming operations to get access to huge amounts of valid names and email addresses.

If a virus scan shows nothing unusual, if you can still log in to your email account with your password, and you see nothing amiss in your Sent folder, then you can safely assume no breach has occurred. In such a case, you can explain to your angry friends that it was the work of an Evil Spammer who forged your address, and that the messages didn't actually come from you. A physical equivalent would be sending a letter with someone else's return address on the envelope.

If your friends still think you're selling fake Rolex watches or running a mail-order bride service, you can prove them wrong. Tell them to examine the "Received" lines in the email headers (most email programs let you view the headers if you poke around in the options) and they (or their Internet provider) can confirm that the email truly was not sent by you or your account. (See my article Can You Trace an Email? Maybe, Here's how… for the scoop on how to decode email headers and trace the path of an email.)
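
Reading the headers as described above, sketched in Python as an added example (not code from the original article). The message, host names and addresses are constructed, and the `Authentication-Results` header is assumed to have been added by the recipient's own mail provider.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample of a forged message: the visible From: names alice@example.com,
# but every server-written header points at an unrelated bulk mailer.
RAW = """\
Return-Path: <bounce@bulk-mailer.example.net>
Authentication-Results: mx.friend.example.org;
 spf=pass smtp.mailfrom=bulk-mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
Received: from out7.bulk-mailer.example.net (out7.bulk-mailer.example.net [203.0.113.45])
 by mx.friend.example.org with ESMTP id abc123; Tue, 21 Sep 2021 10:02:11 -0400
Received: from localhost (unknown [198.51.100.9])
 by out7.bulk-mailer.example.net with SMTP; Tue, 21 Sep 2021 10:02:09 -0400
From: Alice <alice@example.com>
To: friend@friend.example.org
Subject: Great deal on watches

Click here.
"""

HOP = re.compile(r"from\s+(\S+)\s+\([^\[]*\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = email.message_from_string(raw)
    # Each server prepends its own Received line, so the topmost one was written
    # by the recipient's mail server; lines below it are supplied by the sender
    # and can be fabricated.
    hops = [m.groups() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    # Only an Authentication-Results header added by your own provider is meaningful.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "handoff": hops[0] if hops else None,  # (sending host, its IP, receiving server)
        "auth": auth,
        # A domain mismatch alone is only a hint (mailing lists differ legitimately);
        # together with dmarc=fail it shows the From: domain did not authorize the mail.
        "spoofed_from": from_dom != env_dom and auth.get("dmarc") == "fail",
    }

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```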

Email Hacked

So there's no breach of your inbox, and your friends are satisfied that you've not joined the dark side. You can breathe a sigh of relief. But just to be safe, I recommend that you change your password, update the security question (if your account still uses it), and turn on two-factor authentication.

But what if your email account was compromised? It is possible for a hacker to change your email password so that you cannot log in to your own account. Then they can raid your contact list to harvest valid email addresses to add to their spam lists. Also, the hacker now has access to all of your saved email, which may include sensitive personal and financial information. But it's more likely that a hacker will NOT change the password, to avoid the obvious red flag that would send. If you've been locked out of your own email account, contact your ISP, or use the "can't access my account" link that appears on the login screen to recover.

An email account can be hijacked in a number of ways. Phishing attacks, in which a hacker subtly persuades a user to reveal login passwords, are one hijacking technique. A message, purportedly from your bank or other trusted partner, may tell you that a "security check" requires you to respond with your password. Such claims are always bogus; legitimate organizations never ask you to reveal your password via email, phone, or other means. See Spear Phishing and Internet Security for more on that.

Some forms of malware (viruses, spyware, etc.) attack for the purpose of gaining access to your computer, in order to enslave it in a botnet, and use it as a spam spewing device. This can happen without you even knowing, until people from all over the world start accusing YOU of being a spammer! Keylogger spyware installed on your computer can record every keystroke you type and send the results to a remote operator who can then read your password from the log file. There are several ways to detect and defeat keyloggers.

Password Safety Tips

Using the same password on multiple online accounts leaves all of them open to hijacking if just one account is penetrated. Be sure to use unique passwords on email, Facebook, eBay, online banking and other accounts. Storing passwords to other accounts in one place leaves you vulnerable in a similar way. If one account is hacked, a search through data stored there can yield several other passwords.

Failing to log out of an account when you've finished a session makes it easy for anyone who has access to the computer you used to hijack your account. Always log out of accounts accessed from shared computers, such as those in libraries, schools, coffee shops, etc. A browser's auto-fill forms feature may reveal your password to someone who uses the same computer you use.

Password guessing is a brute-force hacking method that employs software to try random passwords until one works. Many email accounts go into "lock down" mode after a few failed password attempts, but if yours does not, it's possible to get hijacked in this way. If you have a very weak or predictable password, it makes the hacker's job that much easier. See my article Is Your Password Strong Enough? for tips on choosing a strong, secure password.

And then there are data breaches, as mentioned above. Attacks against high-profile websites go after the password database, attempting to crack its security and harvest thousands or millions of email addresses (and less often, passwords) in one swoop. In some cases, this information is left completely unprotected by incompetent IT personnel. There's not much you can do to prevent this type of attack except to host your email account with a reputable service provider who pays attention to security, and use a secure password.

Network packet monitoring software can sniff out passwords sent over unsecured wireless connections. You should be aware of this type of attack if you use free wifi in a coffee shop, airport, hotel, etc. Use encrypted (https) connections when logging in or emailing over unsecured public wireless networks. My related article Free Wifi Hotspots - A Big Risk? has some helpful tips on how to stay safe while surfing in Starbucks.

As I mentioned above, the very best thing you can do to improve the security of any online account is to use two-factor authentication. See my article [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts to understand two-factor authentication, and how it can protect you even if someone has (or guesses) your password.

So to recap, if your friends are asking why you sent those nasty emails, it's almost certain that you didn't. Check your email account for any signs of tampering, run a malware scan, and tighten up your inbox security. Tell your friends to use the handy DELETE button, and the problem will resolve itself soon enough.

Has your email account ever been hacked? Post your comment or question below…

 

This article was posted by on 21 Sep 2021



Most recent comments on "Was Your Email Account Just Hijacked?"

Posted by:

Bart
21 Sep 2021

You have run this story several times in the past, but you never explain how a spammer who is just spoofing an email address gets access to the address book without compromising the account, which is what you describe in the intro.


Posted by:

Annamarie
21 Sep 2021

How do you totally block your wi-fi? I was hacked via wifi (Xfinity) and I added some additional safety measures but my McAfee keeps blocking someone trying to break in and I don't know how to stop that. P.S. By the way, I have so much enjoyed your postings.


Posted by:

Judy
21 Sep 2021

Another hack - change filtering to delete any emails from Amazon (or other online retailer) - while they were buying things on Amazon using my account.


Posted by:

Bob K
21 Sep 2021

Is it illegal to use someone else's email address in the FROM: a person sends out? How about handing out another person's email address when asked for an email address? I have this problem -- been going on for years -- know who does it, but can't get them to stop!


Posted by:

Sunshine Kid
21 Sep 2021

One point you missed on this: If you routinely use CC: or you put all your contacts in the TO: line, that is much easier for anyone to peel off addresses forwarded by accident (or on purpose in some cases). It is far better to avoid using the TO: or CC: address locations. The BCC: (blind carbon copy) does not forward your address contacts to people you may have issues with. Some you know, some you may never know.


Posted by:

Bob K
21 Sep 2021

And to add to what Sunshine Kid offered. If you are one to forward emails, take a couple minutes and strip out email addresses that are showing in the body. The less an email address gets passed around, the less SPAM it will get.


Posted by:

Frances
21 Sep 2021

2-factor identification assumes that you have a smartphone. I don't.

So, how to handle that situation? This is a serious problem that is causing me considerable difficulty. For one thing, I am now locked out of my PayPal account and with money owing to me, too.

I have a bank that will send a message to my landline phone but that has problems too. I'm elderly and hard of hearing. I have to hold the phone to my right ear to hear and I'm right-handed so how do I write down the number I'm given? And the automated voice that gives out the number, mumbles so I can't always understand it.

These things all seem to be designed by hale and hearty 25-year-olds. Does anybody ever consider that there are a lot of people who don't fit into their ideal groups?

Addendum: NOAA Weather Radio uses, or used, an automated voice that my husband and I called Mumbles because he sounded like someone talking with a mouthful of marbles. Environment Canada's Weather Radio automated voice is at least understandable. Again, does no one really think these things through?


Posted by:

RandiO
21 Sep 2021

2021/09/20 >> iOS15 'HideMyEmail' (disposable) is built into Mail, Safari, and iCloud...
I fail to understand why "we" are prescribing TFA rather than making a STRONGER case for using STRONG password adoption. No need to throw the baby out with the bathwater.


Posted by:

RandiO
21 Sep 2021

@Frances: I sympathize. For whatever the reason(s) may be, you (and me) are but only 3% of the US population who do not use cellphones (flip/smart). Some of my ideas I may suggest:
*Get yourself a googleVoice 'telephone' number ($free)
*Get yourself a simple network connection from local Internet Service Provider ($30/mo)
*Get yourself a Vonage (or Ooma) VoiceOverIP (VoIP) phone ($9.95/mo or $100)
*Get yourself a Google or Amazon 'voice assistant' ($30)
*Get yourself a CreditCard and allow PayPal to work with the CC for cross-transferring $$$.
*If these are not possible, you can always go to your local library or senior center, which would be like the air we breed... FREE


Posted by:

RandiO
21 Sep 2021

lol to 'breed' but no edit


Posted by:

Bruce Kulik
21 Sep 2021

RandiO, I believe that you made the case in point for Frances's concern about not thinking through ramifications to the elderly or differently abled people. My in laws were initially unable to get fuel assistance to seniors because the only way to apply was on-line. We were able to help in that case, but what if a person didn't have access to the resources you are suggesting due to income or mobility issues?


Posted by:

Bob Connors
22 Sep 2021

As a web hosting provider, I am often puzzled as to why email is lacking in verifying the FROM address in an email before sending it. There is already a DNS lookup for web sites. How much more would be needed to compare the IP address of the email's FROM address with the IP number of the originator (the first "Received by" in the email's headers)? If they don't match, then the email client should refuse to send the email. Email, and somewhat similar, text messages using smart phones, haven't changed much since they were created. It's time that both are made more secure. Surely, this cannot be that hard to accomplish.


Posted by:

Bill Lavezzi
22 Sep 2021

Don't know if it really matters, but I do a few things to reduce the number of email addresses I'm sending out into the world. First, I use BCC: a lot rather than CC:. Second, when I'm forwarding or replying to one of those messages that has 50 email addresses in the "To:" field, I delete them. Finally, I shred emails that have big address lists printed on them.
These may actually make little or no difference, but they're easy to do.


Posted by:

Bob K
22 Sep 2021

Bob Connors: The mechanism you would like to see already exists. Doesn't seem to work tho! If you have a domain name, you can add an SPF record that will tell any receiving mail server the domain name that a particular email must have originated from.

Only problem, it doesn't seem to work. At least I have an SPF record set up for the ISP my mail used to go out thru --but doesn't anymore. And, I have never received any reports of emails not being delivered, or tagged as SPAM.

Do a search for SPF records.


Posted by:

artm
22 Sep 2021

If your email address is spoofed as a sender, there's a good chance the spoofer also has your entire contact list available. No sense getting worked up about that as the "horse is out of the barn". Some folks having been spoofed, change their pw. Doesn't matter as your email address book likely already resides elsewhere and may even be for sale.


Posted by:

BaliRob
22 Sep 2021

Don't forget that 500m Yahoo Mail Emails WERE stolen and not one of the victims (like me) did nothing to deserve it - so it CAN and WILL happen again



Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- Was Your Email Account Just Hijacked? (Posted: 21 Sep 2021)
Source: https://askbobrankin.com/was_your_email_account_just_hijacked.html