We’ve had quite a few people asking about this lately, so I thought I’d put together a bit of information – mostly to put your minds at rest. I don’t know if this has happened to you: you get an email that looks like it’s come from one of your friends, but it doesn’t sound like them. It’ll probably have a link in it, with a quick line of text, something like “I saw this and thought of you!”.
Or maybe one of your friends has been in touch to say they’ve had an email like that from your email address – and you’re pretty certain you didn’t send it!
There are two main ways this happens: the first is scary but very rare, the second is the most likely and is just annoying (but fixable).
So – the scary reason (and the one a lot of people think is behind this sort of email) is that your email account has been hacked: that the dodgy emails are actually being sent from your email account, because some hacker has got control of it. Let me assure you that this is very, very rare. Crooks don’t bother hacking into the email accounts of ordinary people to send out scams and viruses – it’s too much like hard work.
If you’re at all worried that that might have happened to your account, though, go to your email provider’s website, sign in and then change your password. If you’ve used the same email address and password combination on any other websites, change it on those too.
Like I say though, this sort of hacking where a bad guy genuinely takes over your email account is rare. If you can still sign in with the password you set, that’s a good clue that it wasn’t hacked. One of the first things a successful hacker would do is change your password to lock you out of the account.
If, when you try to sign in, your password doesn’t work, that’s likely to be what’s happened. You need to get in touch with your email provider as soon as you can to get the account blocked.
What’s much more likely, though, is that your email address is being “spoofed”. It’s relatively straightforward for a hacker to make an email look like it’s been sent from you, without having access to your account. All they need is your email address.
In theory, someone could use your email address without having anything else to do with you or your friends. If you’d typed your email address into a website that wasn’t very secure, or if a whole load of email addresses and encrypted passwords had been stolen, they would have your email address (even if they couldn’t figure out the password).
In practice, what they want is to encourage other people to open the email because they think it’s from you – so they want to send it to people you know – people in your address book.
What the crooks tend to do is write a nasty little computer program – a piece of “malware” – that can read your address book. The crooks then do one of three things:
- They send an email to you that looks like it’s come from someone in your address book.
- They send an email that looks like it comes from you to everyone in your address book.
- Or (definitely the sneakiest) they send an email to everyone in your address book that looks like it’s come from someone else in your address book. That way, it’s harder for someone who’s had their email address used in this way to track down the malware.
As with any malware, the best thing to do is run a full anti-virus scan. You should do that both if you’ve received an email like this, and if emails like this seem to be coming from your address.
If that doesn’t stop them, then chances are it’s a mutual friend whose computer has the malware. Try encouraging all your friends to run a scan.
At the end of the day, though, these emails are frustrating and annoying – but they’re only dangerous if you actually click on the links or open attachments that they contain. Keep your wits about you, and if an email doesn’t quite sound like the person who it’s supposed to be from, check with them before you click on any links or attachments.
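For readers comfortable looking at message headers, a spoofed sender like the one described above usually shows up as a mismatch between the visible From address and what the receiving mail server recorded. The following Python script is an added example, not part of the original article; the sample message, its example.* domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email): the visible From is a friend's address,
# but the envelope sender and the receiving server's checks disagree.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Alice Friend" <alice@example.com>
To: you@example.org
Subject: I saw this and thought of you!

http://link.example.net/x
"""

def domain(addr):
    """Return the lower-cased domain part of an address header, or ''."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List header clues that the From address may not be the real sender."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    rp_dom = domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(
            f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    # Only the Authentication-Results header added by your own mail provider
    # can be trusted; this example assumes that is the one present.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", results, re.I)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{check} result is {verdict}")
    return findings

if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE):
        print("WARNING:", line)
```

A Return-Path mismatch also occurs with legitimate newsletters and mailing lists, so treat each finding as a reason to check with the supposed sender rather than as proof of spoofing.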