Ask Kurt: How is it possible that your friends are getting spam email from you?


How to protect yourself from sinister spoofing attacks

by Casey Reims

Do you ever wonder how spammers can send you emails that look like they are coming from your own account or someone you know? You might think that your email is hacked or that your friend’s account is compromised.

The truth is, these types of deceptive emails aren’t really coming from those addresses. They’re just pretending to be them. This is called spoofing, and it is an effective phishing technique used by scammers to trick you into opening their messages, clicking on harmful links, and giving away your personal information.

Take these two instances from Linda and James, who both experienced this spoofing scam firsthand and are sharing how the attempted attacks unfolded.

“I have been receiving spam, like everyone else, but what I’ve noticed is the spam is coming from and to my email address. I suspected it was coming from my server, but there’s no trace of the emails in the sent logs. How is this possible?” – Linda, Barnegat, NJ

“I have been receiving spam emails from a friend of mine. It has their email address in the from field. My friend told me they never sent this. How are spammers able to send emails from other accounts?” – James, Tampa, FL

Great questions. It starts with a scammer faking an email address to make it look like it’s coming from someone else. It is a simple and dangerous way for scammers to deceive you.

They can get your email address or your friend’s email addresses from data breaches, websites, social media, or public directories. Then they can use them to send you phishing emails that seem legit. 



Why do scammers spoof your email?

To avoid being labeled as spam

When an email comes from your own address, it is likely to avoid being labeled as spam. Instead, the message will typically go straight to the priority inbox since your account thinks it’s from you. This makes you much more likely to view the email. 


To convince you that they have access to your accounts

The scammer also will use your own address to convince you that they have access to your accounts. Many times, the goal of these emails is to attempt to steal your sensitive information or take your money. The reasoning is similar for why they may use a friend’s email. You are more likely to click on a link from a friend rather than from a stranger.


To expose your personal information

The scammer may threaten you, claiming to expose your personal information. And, when you see they sent the message from your own email address, you may believe that they do have access to your email account.


To scare you by showing a phone number or password

Sometimes, the scammer may also show a phone number or password of yours to scare you further. In reality, they do not have access but have purchased this information from a data leak or dug your private info from nefarious crevices on the dark web. It is an attempt to trick you into paying ransom for information the scammer does not actually have. 




How to spot a spoofed email

If an email looks a bit off, you should always play it safe and not click on it. You can also check the sender’s address, the subject line, the spelling and grammar, the attachments, and the links for anything suspicious.

Ask the friend who supposedly sent the message about it. If they don’t remember sending it, then it is likely their account was spoofed or possibly hacked.  
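Checking the sender's address can go one step further than the article describes. This added example (not part of the original article) reads a message's full headers and compares the visible From address with the envelope sender and the DMARC result recorded by the receiving mail server. Both sample messages are constructed, and the code assumes the topmost `Authentication-Results` header was added by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: mail that shows the recipient's own address as sender.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Linda" <linda@example.com>
To: linda@example.com
Subject: I have access to your account

Pay now.
"""

# Constructed sample: mail that the domain shown in From really sent.
GENUINE = """\
Return-Path: <friend@example.org>
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: "A Friend" <friend@example.org>
Subject: Lunch?

See you at noon.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List reasons the visible From address may not be the real sender."""
    msg = message_from_string(raw)
    from_dom, envelope_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    reasons = []
    # Weak signal alone: bulk-mail services legitimately use their own domain.
    if envelope_dom and envelope_dom != from_dom:
        reasons.append(f"envelope sender {envelope_dom} != From {from_dom}")
    # Assumption: the first (topmost) header is the receiving server's own.
    auth = (msg.get("Authentication-Results") or "").lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    # DMARC is the check tied to the From domain the reader actually sees.
    if results.get("dmarc") != "pass":
        reasons.append(f"dmarc={results.get('dmarc', 'missing')}")
    return reasons
```

Most mail clients can show these headers through a "show original" or "view source" option; an empty result means no indicator was found, not that the message is safe.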




What to do if you think you’ve received a spoofing email

Check your “sent” folder

If you find signs of spoofing on your account, you should first check your “sent” folder. If you see suspicious emails in the folder that you know you haven’t sent, it most likely means your account was hacked. You should change your password immediately and report the incident to your email service provider.


Check account settings for any unauthorized changes

You should also check your account settings for any unauthorized changes. If you see nothing, it is most likely just spoofing. Even though it may feel like your account is exposed, in reality, it is not. Remember to stay vigilant, though, and never to click on suspicious links.


Don’t click any suspicious links, attachments, or images

If you receive a spoofing email, do not click on any of the links, attachments, or images within the message, as it could expose you to a phishing scam. These links, attachments, or images may contain malware that can infect your device or direct you to a phony website that looks exactly like the real one but is designed to steal your personal information.


Have good antivirus software on all your devices

You can often keep hackers out of your devices by having good antivirus protection installed on all of them. Antivirus software will help stop you from clicking on any known malicious links, attachments, or images that may install malware on your devices and allow hackers to gain access to your personal information.




How to further prevent spoofing

Change passwords

Always make sure your passwords are strong and complex. You should also change them regularly to be even safer. Consider using a password manager to generate and store complex passwords.


Create alias email addresses

Creating alias email addresses can help prevent spoofing by making it harder for spammers to guess your real email address and impersonate you. With various email aliases, you don't have to worry about all your info getting taken in a data breach. An email alias address is also a great way to stop receiving constant spam mail: you simply delete the alias.


Check if your personal information was sold on the dark web

One way to try and proactively stop scammers is to check if your information was sold on the dark web. If you get spoofed, it is likely one of your addresses and maybe other information was part of a data breach and purchased by a scammer. 

To check if your personal information was sold on the dark web, you can go to and enter your email address into the search bar. The website searches to see what data of yours is out there and displays if there were data breaches associated with your email address on various sites. You may have even received an email from the website already saying that some of your data was stolen, and you should look into this immediately if that is the case.


Invest in removal services 

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.



Kurt’s key takeaways

Email spoofing is just one wave of phishing scams meant to trick you into giving scammers your personal information so they can steal your data and your money. These scammers are masters of disguise, yet you can outsmart them by carefully examining suspicious emails, verifying with your friends any emails you receive from them, and taking steps to protect your online presence. By being proactive, you can keep your inbox safe from the clutches of these deceptive crooks.

Have you ever encountered a situation where your email address was spoofed? What did you do? What was the outcome? Let us know by commenting below.

