Helping people with computers... one answer at a time.
Email account hacking is on the rise. One of the signs is the amount of spam being sent to contacts from those hacked accounts.
If you're getting emails from a contact of yours that have either no subject line or one that doesn't make sense and the message consists of a link to a site that you've never heard of...
Your contact's email has likely been hacked.
If people are telling you that they're getting these messages from you... well, you can guess what it means.
It's your email account that's likely been hacked into.
•
It's Not A Virus
It's almost certainly not a virus, and no amount of scanning or other anti-malware work on your computer will make it go away. That's not to say that scanning isn't a good idea. The hack could have been the result of a keystroke logger, for example. Nonetheless, removing malware won't fix the fact that your account was hacked.
The problem isn't on your computer.
What a Hacked Account Means
When an account is hacked, that typically means that someone else has access to it.
Your hacker knows the account login ID and password. Using the email provider's web interface, they can login to the account from almost any computer anywhere on the planet and start sending email using that account to all the people in the account's address book, recipients in your sent mail, and any other email addresses that can be located by snooping around the online account information.
Frequently, they'll also change the account information, such as the password and password recovery information, automatic forwards, and sometimes even the signatures automatically appended to outgoing messages. They may also download the contents of the address book (to be further spammed later) and then empty it and all mail folders associated with the account.
Recently, the hackers have been more stealthy and have done nothing more than sending email using hacked accounts. They make no other changes to the account hoping that the account owner doesn't notice. That way, they keep their access to the account longer and send more spam using it without the account owner's knowledge.
If You Get Spam From A Contact
Let your contact know - ideall,y via some other means than email.
If the hacker has access to your friend's account, they could just as easily delete all of the warnings that you might send before your friend gets a chance to see them. Use a different email address if you have one for them or try phoning them.
Do not use an instant messaging service that uses the same account. For example, if the email address that's been hacked is a Windows Live Hotmail account, then the Windows Live Messenger account that goes with it has been hacked as well. You might just be IMing the hacker and not your friend. Use a completely different account or service.
There's really little else you can do.
Oh, one more thing: don't click on the link in the email. Never click on links in spam. At best, it'll be an ad for body enhancement drugs. At worst, it could lead to malware being installed on your machine.
Resist the urge.
If Your Account Is Sending Spam
If you can login to your account immediately change your password and your security questions. Clearly, the hacker knows your password, so changing that is clear. The hacker may also have recorded or set new answers to the security or secret questions that could be used for account recovery. It's imperative that you change those too, even if they look like they haven't been altered.
You should also then verify that all of the information associated with your account, such as the alternate email address and mobile phone number, have not been altered. Any information that a hacker might use to fake an account recovery of his own should be verified.
If you can't login to your account, it's possible that you might have lost the account forever.
Use the appropriate "I've lost my password" approaches provided by your email service provider to attempt to regain access to your account. If those fail, the hacker may have changed your account recovery information to prevent you from being able to get your account back.
If the email service has any kind of customer support option, then that's your next step. They may be able to help, particularly if this is a paid account. With a paid account, they typically use your billing information, such as your credit card, as ultimate proof that you are the account owner.
Once you regain access to your account, proceed as above, change your password and security questions, and verify all of the other information in your account.
How Did This Happen?
It's difficult to say with any certainty, but these are all of the ways that I know and have heard that accounts have been hacked in the past:
-
Having a poor password. From what I hear, this could be the most common way that accounts are hacked - hackers simply guess the password. Remember, it might not be a person sitting at a keyboard slowly guessing one at a time - it could very well be a computer trying all sorts of word combinations and common passwords.
-
Having poor security questions. For some accounts, having a poor security question with an answer that's easy to guess or find out allows hackers to succeed at resetting an account's password, thus giving them access.
-
Malware, specifically keyloggers. Malware can arrive in many different forms, but most commonly, it infects your computer when you receive and open a malicious email attachment, download from a web site, or file transfer via instant messaging.
-
Malicious Web Sites.I've heard at least a couple of reports where the account hack can be traced to having visited a web site somehow was able to either silently install malware, or used javascript or some form of social engineering to gather account credentials.
-
Open Wifi. If you login to your email account without using https over an open WiFi connection, anyone with a laptop in range could potentially see your account information - both login ID and password - fly by in the clear.
Ultimately, there's nothing really new here, and the standard concepts of keeping yourself safe on the internet still apply. If anything, the fact that hackers are exploiting various techniques like these should simply act as a reminder that internet security matters a great deal.
Well, it matters if you want to keep control of your accounts and not spam all your friends, that is.
Article C4773 - March 23, 2011 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
September 11, 2012 3:43 AM
Supplemental: I think I have the answer - the spam is probably what is known as "spear-phishing" and related to Facebook: see http://www.forbes.com/sites/davidewalt/2012/08/29/facebook-spam-email-spear-phishing .
I don't use Facebook much, but the three people concerned are all listed there as friends.
September 28, 2012 1:08 AM
A friend just sent me one of these emails without her actually sending it. Good thing she's in the cubicle right next to mine (we work together). I informed her right away.
January 19, 2013 8:42 AM
It seems to me there should be somewhere that one could report the real email address (with my name beside it but not my email address) and the link in the message area. By using a search engine to find out who owns the link domain, etc. I find the links are usually not malware but some small overseas company using someone to spam their website link and of course they should not be permitted to do this. I can't find any spam-reporting website that seems to care about these. Why not?
February 9, 2013 7:59 AM
More and more of my customers are having this problem. Instead of explaining to them how to fix it, I'm sending them to this page. Hope you don't mind.
February 10, 2013 6:32 AM
@Lew
Sending links to an Ask_Leo.com articles is encouraged.