Ask Kurt: How is it possible that your friends are getting spam email from you?

Do you ever wonder how spammers can send you emails that look like they are coming from your own account or someone you know? You might think that your email is hacked or that your friend’s account is compromised.

The truth is, these types of deceptive emails aren’t really coming from those addresses. They’re just pretending to be them. This is called spoofing, and it is an effective phishing technique used by scammers to trick you into opening their messages, clicking on harmful links, and giving away your personal information.

Take these two instances from Linda and James, who both experienced this spoofing scam firsthand and are sharing how the attempted attacks unfold.

“I have been receiving spam, like everyone else, but what I’ve noticed is the spam is coming from and to my email address. I suspected it was coming from my server, but there’s no trace of the emails in the sent logs. How is this possible?” – Linda, Barnegat, NJ

“I have been receiving spam emails from a friend of mine. It has their email address in the from field. My friend told me they never sent this. How are spammers able to send emails from other accounts?” – James, Tampa, FL

Great questions. It starts with a scammer faking an email address to make it look like it’s coming from someone else. It is a simple and dangerous way for scammers to deceive you.

They can get your email address or your friend’s email addresses from data breaches, websites, social media, or public directories. Then they can use them to send you phishing emails that seem legit. 


Why do scammers spoof your email?

To avoid being labeled as spam

When an email comes from your own address, it is likely to avoid being labeled as spam. Instead, the message will typically go straight to the priority inbox since your account thinks it’s from you. This makes you much more likely to view the email. 

 

To convince you that they have access to your accounts

The scammer also will use your own address to convince you that they have access to your accounts. Many times, the goal of these emails is to attempt to steal your sensitive information or take your money. The reasoning is similar for why they may use a friend’s email. You are more likely to click on a link from a friend rather than from a stranger.

 

To expose your personal information

The scammer may threaten you, claiming to expose your personal information. And, when you see they sent the message from your own email address, you may believe that they do have access to your email account.

 

To scare you by showing a phone number or password

Sometimes, the scammer may also show a phone number or password of yours to scare you further. In reality, they do not have access but have purchased this information from a data leak or dug your private info from nefarious crevices on the dark web. It is an attempt to trick you into paying ransom for information the scammer does not actually have. 


How to spot a spoofed email

If an email looks a bit off, you should always play it safe and not click on it. You can also check the sender’s address, the subject line, the spelling and grammar, the attachments, and the links for anything suspicious.

Ask the friend who supposedly sent the message about it. If they don’t remember sending it, then it is likely their account was spoofed or possibly hacked.  
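
One way to look past the displayed sender, as an added example that is not part of the original article: the script below reads a message's raw headers and lists the signs that the From address was faked. Both sample messages, every address and domain in them, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From is the recipient's own address, but
# the envelope sender and the receiving server's checks tell another story.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk-sender.invalid;
 dkim=none; dmarc=fail header.from=example.com
From: "Linda" <linda@example.com>
Reply-To: claims@payout-desk.invalid
To: linda@example.com
Subject: I have access to your account

Pay within 48 hours.
"""

# Constructed sample: a message that really came from the friend's provider.
GENUINE = """\
Return-Path: <friend@example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: Friend <friend@example.org>
Subject: Lunch?

See you at noon.
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoof_indicators(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own mail provider.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    return findings
```

Legitimate newsletters and mailing lists often use a different Return-Path domain, so treat each finding as a signal to weigh together with the others rather than proof on its own.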


What to do if your email was spoofed?

It’s important to let your contacts know about the situation as soon as possible. Here’s a step-by-step guide on how you can notify your contacts:

Log in to your email account: If you haven’t already, make sure to regain control of your email account. You might need to reset your password or contact your email service provider for assistance.

Compose a new email: Create a new email to send to your contacts. You might want to use a subject line that clearly indicates the purpose of the email, such as “Important: My Email Account Was Hacked”.

Write a clear message: In the body of the email, explain the situation. Let your contacts know that your account was hacked and that they should ignore any suspicious emails they received from your account.

Send the email to all your contacts: You can manually select all your contacts to send the email, or create a group to send emails to multiple recipients.

Remember, it’s also important to take steps to secure your email account to prevent future attacks. This includes changing your password, setting up two-factor authentication, and checking your account settings for any changes made by the hacker.

 

What to do if you think you’ve received a spoofing email

Check your “sent” folder

If you find signs of spoofing on your account, you should first check your “sent” folder. If you see suspicious emails in the folder that you know you haven’t sent, it most likely means your account was hacked. You should change your password immediately and report the incident to your email service provider.

 

Check account settings for any unauthorized changes

You should also check your account settings for any unauthorized changes. If you see nothing, it is most likely just spoofing. Even though it may feel like your account is exposed, in reality, it is not. Remember to stay vigilant, though, and never to click on suspicious links.

 

Don’t click any suspicious links, attachments, or images

If you receive a spoofing email, do not click on any of the links, attachments, or images within the message, as it could expose you to a phishing scam. These links, attachments, or images may contain malware that can infect your device or direct you to a phony website that looks exactly like the real one but is designed to steal your personal information.

 

Have strong antivirus software on all your devices

Hackers can often be kept out of your devices when you have good antivirus protection installed on all of them. Antivirus software helps stop you from clicking on known malicious links, attachments, or images that may install malware on your devices and give hackers access to your personal information.


How to further prevent spoofing

Change passwords

Always make sure your passwords are strong and complex. You should also change them regularly to be even safer. Consider using a password manager to generate and store complex passwords.

 

Create alias email addresses

Creating alias email addresses can help prevent spoofing by making it harder for spammers to guess your real email address and impersonate you. Using different aliases means a single data breach does not expose all of your information. An alias is also a great way to stop receiving constant spam: simply delete the alias address.


Invest in personal data removal services 

While no service promises to remove all your data from the internet, having a removal service is invaluable, especially after a data breach. These services can help you mitigate the potential damage by ensuring your compromised information is continuously monitored and systematically removed from hundreds of sites. This ongoing process reduces the risk of identity theft, fraud, and other malicious activities, providing an additional layer of security and peace of mind.

A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special for CyberGuy Readers (60% off): Incogni offers a 30-day money-back guarantee and then charges a special CyberGuy discount, available only through the links in this article, of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan. You get a fully automated data removal service, including recurring removal from 175+ data brokers. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.


Kurt’s key takeaways

Email spoofing is just one of the phishing scams meant to trick you into giving scammers your personal information so they can steal your data and your money. These scammers are masters of disguise, yet you can outsmart them by carefully examining suspicious emails, verifying with your friends any emails you receive from them, and taking steps to protect your online presence. By being proactive, you can keep your inbox safe from the clutches of these deceptive crooks.

Have you ever encountered a situation where your email address was spoofed? What did you do? What was the outcome? Let us know by commenting below.


Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
