Not been hacked

You might get a suspicious email from a friend and assumes that said friend’s computer or email account has been hacked. Conversely, a friend may tell you of  a dodgy email they received from you.

Often neither of you has been hacked so what has happened?

A scammer somehow gets hold of an email with several recipients including yourself and your friend.

The scammer then picks an email address and sends a fraudulent email to you which seems to come from your friend. This is not difficult to do.

Often scammers might use an address similar to your friend’s one. So if friend’s email is gordonbennet47@hotmail.com they might create a fake email account called gordonbennet47@gmail.com or gordonnbennet47@hotmail.com and send you a mail from there. It’s easy not to notice the disparity.

Countermeasures

There’s not much than can be done, but as a precaution, get your friend or whoever the emails are seemingly coming from to change their email password. This is just in case they’ve suffered a phishing attack per below.

How does the scammer get the email addresses?

Phishing

A scammer needs to get into just one email account to start his devious strategy.

Usually this is done by sending out loads of convincing looking emails which encourage the recipient (the ‘patsy’) to open a link.

The patsy clicks the innocuous looking like is presented with a challenge like “As a security measure, please proceed by entering your email password”. Patsy enters this and is taken to somewhere unremarkable such as Amazon. The patsy shrugs and forgets the whole thing.
Meantime the scammer then has the password and access to their email. This is known as phishing.

The scammer scans the email account and finds a group email to, say, a dozen emails. Scammer can then start sending fake emails from one to the other in the hope that somebody falls for the scam.

Website hacking

People often use the same password for their email and everything else. Somebody doing this might register their details (email address and password) on a legitimate but badly secured website.

A hacker then cracks the site and gets the list of emails and passwords. There’s a good chance that in many cases the password used is the same as the email password.

As a countermeasure never register an account on a site using your email password, think up something else.

Dodgy data brokers

There are people on the so called ‘dark web’ who will buy email addresses from scammers and sell them on to other scammers. There’s a fair chance that your email address is lurking on a few dodgy databases along with those of some of your contacts and friends. There’s nothing you can do about this.

 

Email hacked?

You have people receiving odd emails from you and assume you’ve been hacked. What has happened?

Computer Hacked?

This is unlikely and one of the situations below is more likely. If you have other symptoms or are worried then I am happy to check your system, please get in touch.

Phished or email hacked?

Email hacking is not as easy as one might think, more likely you’ve been ‘phished’ – tricked into logging in to a fake site and your details have been compromised. Change your password and all should be well.

Spoofed?

Depending on your email setup, it may not be difficult for a spammer to send out email as if it is from you. This usually happens when a group email including yours has fallen into the wrong hands – and this may be nothing to do with you directly at all.

This can be hard to tell from Phished per above. Change your password anyway.

,,,and finally

Best practice is to use different passwords for different sites – at the very least have a unique one for your email.

If somebody has acquired your email address and password then they may try to log into other sites of which you have membership.

So, if you use other websites with the same email address and password as your email one then log in soonest and change the passwords on those sites.

Facebook message from a friend…

There have been a spate of these recently. A message from a Friend (and it is the actual account, not a clone) asks you to look at video (for example).

I got this twice from Friends. I experimentally followed the link with a fake account which I keep around for these situations. It craftily asks you to log into Facebook in order to see the video or whatever. Your email and password are then captured! This lets the scammer masquerade as you and get up to no good.

The Friends who apparently sent me the message had been caught by the same trick so it’s a chain reaction.

Implications go further. If you use the same password everywhere then they can get access to your email and more and get up to even more mischief.