Helping people with computers... one answer at a time.

More than likely, your friend's email has been hacked. Spammers use this type of email cloaking to fool people into clicking on their links.

I often get spam emails where there are a couple of personalizations that just intrigue me. For example, I received a spam email from a real friend. I'll call him "Leo," but the email address of the sender is actually someone else. Someone else that I don't know, an email address that I've never seen. Now, I know "Leo," but have not emailed him for years and I don't see him in my current email address book although I may be in his address book. The spam is one of those that contains a clickable link and nothing else. Of course, I did not click on it.

In this excerpt from Answercast #50, I look at the sophisticated strategies spammers use to send their malicious emails. Bottom line is to recognize it and not click on the link.

Spam from friends

Now... the original question goes on quite long - but the bottom line for a scenario like this (the telltale sign for me) is that:

  • The email contained only a clickable link.

  • The email account that it came from was hacked.

Now, what email account did it come from? Well, that's really hard to say. Since this is someone you know, the display name that was used was someone you know. My guess is someone you know (perhaps, "Leo,") had his email account hacked.

Email spammers

Now, why then are you seeing email addresses that you don't know?

My belief is that account hackers and spammers are getting more sophisticated. What their intent is... what they're trying to do when they attack these accounts, when they hack into them and use their contact lists to send email, is:

  • They're trying to use names that are familiar to you;

  • Names that will cause you, as the recipient of this spam, to maybe think it's legitimate;

  • To open it up and maybe click this link because it's from a name you recognize.

Now normally, they'll do this by using the actual email address of the person in addition to their name. Why they're mixing it up, I'm not sure. Clearly, it feels like they've set up some database that says:

  • You know or recognize these names (in other words, you're in this person's email address book);

  • Let's send you email.

  • OK, now let's send you email at least with a display name that you'll recognize.

Why they're using other email addresses in association with that display name, I honestly can't say. It doesn't really make a whole lot of sense, but these are spammers. These are scammers and they are trying to get you to do things that ultimately you don't want to do.

Friends email hacked

So, the bottom line here is that fundamentally I believe that your friend, "Leo," (pseudonym of course) had his email account hacked at some point. As part of that, your email address became known to the spammers. They are now sending you "run of the mill spam from hacked accounts" that are trying to get you to click on that link - and do things that you don't want to do.

So, bottom line is, yea, this happens. This kind of weird mix-up of name and email address happens. It's almost always a sign of spam. You should almost always just mark it as spam in your email program or email service and move on.

Next from Answercast 50 - Why is my audio choppy?

Article C5777 - September 5, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

4 Comments
icemanx
September 6, 2012 2:29 AM

Leo the best and only way to actually not get spam sent is to know who and where you let your email address go to - here is an example below

lets say I sign up here to you (lol)

my email address will now be called

ask-leo.com@mydomainname.com

this way if I start getting emails back then I know your accounts/database has been hacked and this email address can be registered as a spam account

make it an alias account that can be forwarded on anywhere

I have setup many for just this and of late I have had some come from linkedin of which that I dont have a linkedin account what so ever

then as soon as I see the header via mailwasher pro - i can delete and blacklist them well before anything is downloaded

works well for me

Andy
September 8, 2012 9:51 AM

icemanx, unfortunately not everybody is able to set a different mailbox for each service they use for various reasons. At the end of the day, there is not a single way to stop SPAM and I doubtful that there will be any time soon; so people have just got to learn how to discriminate between legitimate emails and SPAM - I cant see that there is any two ways about it.

But as for the display name. Unfortunately, it is so easy to specify any display name in the email header. Different email clients display that name in different ways and in some it is easy to see the real senders address, but in others you can very easily be fooled. There is no protection system to stop people using any display name so again, it comes down to learning the tell tale signs of spoof emails and you should also check the actual sender's address; not the "Reply-To" address and the display name as these could both contain completely legitimate but fake addresses!

Cooleman
September 9, 2012 10:01 PM

The reason the spammers did not come from the friend's real email address is probably that they do not control it.

The spammers know the target's email address and that a person with the friend's name is a friend of theirs. How did they know this without accessing the friend's email account? Social media is one place. Contact list apps on phones are another.

James
September 10, 2012 7:07 AM

I have a filter set up in Thunderbird that says if the sender's email address is not in my address book, then mark it as spam.

Thunderbird is set to delete spam after xx days, so every xx days I have to scan the spam for false-positives.

This would help with the original problem, but doesn't do much when your friend's email account has been hacked. But then, what can you really do in that scenario?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.