Email account hacking is on the rise. One of the signs is the amount of spam being sent to contacts from those hacked accounts.

If you're getting emails from a contact of yours that have either no subject line or one that doesn't make sense and the message consists of a link to a site that you've never heard of...

Your contact's email has likely been hacked.

If people are telling you that they're getting these messages from you... well, you can guess what it means.

It's your email account that's likely been hacked into.

It's Not A Virus

It's almost certainly not a virus, and no amount of scanning or other anti-malware work on your computer will make it go away. That's not to say that scanning isn't a good idea. The hack could have been the result of a keystroke logger, for example. Nonetheless, removing malware won't fix the fact that your account was hacked.

The problem isn't on your computer.

What a Hacked Account Means

When an account is hacked, that typically means that someone else has access to it.

Your hacker knows the account login ID and password. Using the email provider's web interface, they can log in to the account from almost any computer anywhere on the planet and start sending email using that account to all the people in the account's address book, recipients in your sent mail, and any other email addresses that can be located by snooping around the online account information.

Frequently, they'll also change the account information, such as the password and password recovery information, automatic forwards, and sometimes even the signatures automatically appended to outgoing messages. They may also download the contents of the address book (to be further spammed later) and then empty it and all mail folders associated with the account.

Recently, the hackers have been more stealthy and have done nothing more than sending email using hacked accounts. They make no other changes to the account hoping that the account owner doesn't notice. That way, they keep their access to the account longer and send more spam using it without the account owner's knowledge.

If You Get Spam From A Contact

Let your contact know - ideally, via some other means than email.

If the hacker has access to your friend's account, they could just as easily delete all of the warnings that you might send before your friend gets a chance to see them. Use a different email address if you have one for them or try phoning them.

Do not use an instant messaging service that uses the same account. For example, if the email address that's been hacked is a Windows Live Hotmail account, then the Windows Live Messenger account that goes with it has been hacked as well. You might just be IMing the hacker and not your friend. Use a completely different account or service.

There's really little else you can do.

Oh, one more thing: don't click on the link in the email. Never click on links in spam. At best, it'll be an ad for body enhancement drugs. At worst, it could lead to malware being installed on your machine.

Resist the urge.

If Your Account Is Sending Spam

If you can log in to your account, immediately change your password and your security questions. The hacker knows your password, so changing that is the obvious first step. The hacker may also have recorded or set new answers to the security or secret questions that could be used for account recovery. It's imperative that you change those too, even if they look like they haven't been altered.

You should then also verify that all of the information associated with your account, such as the alternate email address and mobile phone number, has not been altered. Any information that a hacker might use to fake an account recovery of his own should be verified.

If you can't log in to your account, it's possible that you might have lost the account forever.

Use the appropriate "I've lost my password" approaches provided by your email service provider to attempt to regain access to your account. If those fail, the hacker may have changed your account recovery information to prevent you from being able to get your account back.

If the email service has any kind of customer support option, then that's your next step. They may be able to help, particularly if this is a paid account. With a paid account, they typically use your billing information, such as your credit card, as ultimate proof that you are the account owner.

Once you regain access to your account, proceed as above: change your password and security questions, and verify all of the other information in your account.

How Did This Happen?

It's difficult to say with any certainty, but these are all of the ways that I know of, or have heard of, in which accounts have been hacked in the past:

  • Having a poor password. From what I hear, this could be the most common way that accounts are hacked - hackers simply guess the password. Remember, it might not be a person sitting at a keyboard slowly guessing one at a time - it could very well be a computer trying all sorts of word combinations and common passwords.

  • Having poor security questions. For some accounts, having a poor security question with an answer that's easy to guess or find out allows hackers to succeed at resetting an account's password, thus giving them access.

  • Malware, specifically keyloggers. Malware can arrive in many different forms, but most commonly, it infects your computer when you receive and open a malicious email attachment, download from a web site, or file transfer via instant messaging.

  • Malicious Web Sites. I've heard at least a couple of reports where the account hack can be traced to having visited a web site that was somehow able to either silently install malware, or that used JavaScript or some form of social engineering to gather account credentials.

  • Open WiFi. If you log in to your email account without using https over an open WiFi connection, anyone with a laptop in range could potentially see your account information - both login ID and password - fly by in the clear.

Ultimately, there's nothing really new here, and the standard concepts of keeping yourself safe on the internet still apply. If anything, the fact that hackers are exploiting various techniques like these should simply act as a reminder that internet security matters a great deal.

Well, it matters if you want to keep control of your accounts and not spam all your friends, that is.

Article C4773 - March 23, 2011

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

14 Comments
James S
March 30, 2011 12:55 AM

In the way you describe, I have received spam emails apparently coming from a granddaughter with a Hotmail account (now closed, on my recommendation).
However, there is surely another way.
My email address is not a webmail account, but a forwarding address that filters out spam. So I can't send emails from it. Nevertheless, since at least 2004 I (and presumably others) have from time to time received emails purporting to be from that address and others at acm.org. Whether it's only the Reply to address rather than From I'm not sure, and I can't find one to check.

There are actually lots of ways that spammers spoof the "From:" address without accounts being hacked, I'm just seeing a LOT of hacked accounts in recent months. This has more: Someone's sending from my email address! How do I stop them?!
Leo
30-Mar-2011

Gordon MacGillvray
April 5, 2011 12:31 AM

YO Yo Your timin' on this was perfect! I've been gettin' swamped w/ emails from a friends acct. wanting me to open different links. I just forwarded your newsletter to her & hopefully it will help her fix the problem! Thanks for the info Leo, good work!!
Gordon Mac... fixt

Mike Parker
February 20, 2012 10:03 AM

Another way email accounts are easily hacked is by using the same password for your email and the various web sites you sign up for services.

For example, let's say your email address is bob@gmail and your password is ABC123. You also sign up to post comments on the blog SmugKnowItAlls, using your Gmail address and the password ABC123. SmugKnowItAlls is hacked, and the hacker gets all the email addresses and passwords registered on that site, and since 9 out of 10 times people are using the same password everywhere, the hacker is able to compromise your Gmail account.

Solution: Have at least 2 passwords — one for website registrations, and a separate one for your email.

D.M. Reed
June 18, 2012 5:49 PM

Thank you so much.

Your article on email accounts being hacked was clear, concise, and thoroughly helpful. It should be recommended reading to everyone online.
:)

Peter Shellard
June 24, 2012 1:14 AM

I am a linux [ubuntu - evolution] user and have received an email from a hotmail account which has been hacked as described above. I have moved the offending email to my junk folder, but am unable to expunge it from this folder. [All other mail can be expunged without difficulty.] Any suggestions? With thanks for your attention and helpful advice.

annmarie
August 31, 2012 3:53 AM

Lately I'm receiving a lot of spam email from what appears to be facebook friends (a few are also email contacts but I can tell they are coming from facebook because the email includes the maiden name which I would not have in my aol or blackberry contact lists). When I hover over the person's name, an unknown yahoo address appears. I've added these messages to my spam folders, via aol and via blackberry, depending on where I'm reading them. Recently, I tried to forward an email from my aol mail via blackberry to a contact. When I began typing her name in the "to" line, I was given 3 options to choose, 2 of which were the unknown yahoo addresses. However, these addresses do not appear in my blackberry contact's list. How do I disassociate these spam addresses from my real contact's name? How do I stop the cloning as well? Thanks!!

dfox
September 4, 2012 10:12 AM

You have provided an interesting response to this issue. I too am experiencing this. However, you are making a HUGE assumption here that does not fit my case. You assume that the sender's email was hacked. In my case, people have received email messages from me that have a totally BOGUS email address for me as the sender! Yes, I've been around computers long enough to know that the smtp protocol can be modified to spoof email addresses. What people need to do is to expand the email header so that you can see where the email came from. That will give you the clue to which of your email accounts may have been compromised, or not. A quick check of my sent list didn't find any strange emails that had been sent. Yes, they could have been deleted...


In my defense, that HUGE assumption is in the title: "from my contacts". If the email addresses are being spoofed as you describe, then it's not from your contacts. I rarely send people to try and decipher email headers, as a) they're complex, and b) they can also be spoofed beyond recognition. In a case like this, as long as people look at the email ADDRESS (not name) that the email is coming from, they can discern the difference.
Leo
05-Sep-2012
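
The address-versus-name check discussed in this exchange, as an added example in Python that is not part of the original article or comments. The `CONTACTS` address book, the sample messages, the 40-character cutoff and the label strings are all assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed address book (sample data): display name -> address on file.
CONTACTS = {"Mary Example": "mary@example.com",
            "Mike Example": "mike@example.org"}
URL_RE = re.compile(r"https?://\S+", re.I)

def body_text(msg):
    """Join the text/plain parts of a message into one string."""
    parts = [p.get_payload(decode=True) or b""
             for p in msg.walk() if p.get_content_type() == "text/plain"]
    return b"\n".join(parts).decode("utf-8", "replace")

def is_link_only(text, max_other_chars=40):
    """True when the body is a link plus almost nothing else (assumed cutoff)."""
    rest = URL_RE.sub("", text).strip()
    return bool(URL_RE.search(text)) and len(rest) <= max_other_chars

def classify(raw, contacts=CONTACTS):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    known_addrs = {a.lower() for a in contacts.values()}
    known_names = {n.lower() for n in contacts}
    if addr.lower() in known_addrs:
        # Address on file. From: can still be forged, so this is a prompt to
        # warn the contact through another channel, not proof of a hack.
        if is_link_only(body_text(msg)):
            return "contact-address-link-only"
        return "contact-address"
    if name.strip().lower() in known_names:
        # A contact's name on an address you do not have for them.
        return "display-name-mismatch"
    return "unknown-sender"

# Constructed sample messages (not real mail).
HACKED_STYLE = ("From: Mary Example <mary@example.com>\nSubject:\n\n"
                "http://unknown-site.example/abc\n")
SPOOF_STYLE = ("From: Mary Example <x9k2@mailhost.example>\n"
               "Subject: For you\n\nhttp://unknown-site.example/xyz\n")
NORMAL = ("From: Mike Example <mike@example.org>\nSubject: Lunch Friday?\n\n"
          "Are you free at noon on Friday? There is a new place to try.\n")

if __name__ == "__main__":
    for raw in (HACKED_STYLE, SPOOF_STYLE, NORMAL):
        print(classify(raw))
```
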

connie
September 4, 2012 11:07 AM

@dfox,
I wouldn't be surprised if spammers didn't collect all the email addresses from all those "forward if you want money and you'll die if you don't" emails. Then they use the names they get and the whole list, assuming the people might know each other.

BAW30s
September 11, 2012 3:27 AM

I have a strange problem which is similar to that described by dfox. Over the last two months, I have received about a dozen messages which appeared, from the names shown, to come from three friends, but which only contained advertising links. Usually the subject line said "For you" and included my name. At first I thought that the friends' email accounts had been hacked, but then I checked the senders' full email addresses, and found them to be different and bogus in each case.

Most of these messages were treated as spam by Hotmail and did not reach my inbox. Oddly enough, the friends' names used all began with the letter M and the bogus email addresses were all Yahoo accounts.

I was worried as to whether my contacts list and therefore my account had been compromised, but it seems unlikely as one of the names used is not in my on-line list. I then thought that the names must have been "harvested" as Connie suggests, but that is also unlikely, as I don't recall ever sending a message to the unlisted person, although she is known to me.

So far I'm baffled ... any ideas, folks / Leo?

BAW30s
September 11, 2012 3:43 AM

Supplemental: I think I have the answer - the spam is probably what is known as "spear-phishing" and related to Facebook: see http://www.forbes.com/sites/davidewalt/2012/08/29/facebook-spam-email-spear-phishing .
I don't use Facebook much, but the three people concerned are all listed there as friends.

jillie67
September 28, 2012 1:08 AM

A friend just sent me one of these emails without her actually sending it. Good thing she's in the cubicle right next to mine (we work together). I informed her right away.

Karen
January 19, 2013 8:42 AM

It seems to me there should be somewhere that one could report the real email address (with my name beside it but not my email address) and the link in the message area. By using a search engine to find out who owns the link domain, etc. I find the links are usually not malware but some small overseas company using someone to spam their website link and of course they should not be permitted to do this. I can't find any spam-reporting website that seems to care about these. Why not?

Lew
February 9, 2013 7:59 AM

More and more of my customers are having this problem. Instead of explaining to them how to fix it, I'm sending them to this page. Hope you don't mind.

Mark J
February 10, 2013 6:32 AM

@Lew
Sending links to Ask_Leo.com articles is encouraged.
