Helpdesk Challenge – what should you do if your email address has sent out spam messages?

We all know how irritating it is to open your email account and be faced with spam messages. But what should you do if it turns out your account has been the one sending them out to others?
I’ve looked in my junk email plenty of times over the years and spotted messages from people I know, typically titled something generic like ‘Hey…’ or promises of red-hot tech discounts, and containing nothing but a solitary hyperlink.
Would I click on it? Not on your life. These messages mean that one of my friends’ email accounts has been compromised, and is spewing out junk mail to everyone on my friend’s contacts list.
What if you become the spammer?
And then, one day, it happened to me. I opened my email account, and was met with a series of ‘Message unsent’ emails from old contacts I certainly hadn’t emailed recently. But the junkbot had, and it had done so in my name.
So what should you do if this happens to you, and you suspect your email account has been compromised?
1) Update your security software and run a scan
Step one, and this is vital – make sure your security software has its anti-malware and anti-spyware databases as up-to-the-minute as can be. Click on the settings to select an update, and manually choose to run a thorough scan right away.
With luck, this will pick up any nasties that may have infected your PC.
Keep in mind, if you use a webmail client like Hotmail, the infection could have happened on any PC you used to log into your account. So make sure your security software is up to date at home and at work. If you logged in from a public computer or a friend’s PC, the infection could have originated there.
2) Set a new password for your email account
This is an important step, but don’t do it until after you’ve given your system a clean sweep with the updated security software. If there’s spyware or key-logger software running on your PC, you don’t want it picking up on your new password.
Set yourself a secure, memorable password that will protect your account.
3) Email your contacts to warn them about the spam
This step is a courtesy call really, and it’s entirely up to you if you want to go through with it.
Most people will have encountered spam messages from legitimate email addresses, and your friends are unlikely to think any less of you for having one sent from your account.
Of course, if you have work contacts or less computer-savvy friends and family on your spam distribution list, you may wish to let them know what’s happened, advise them not to click on the link, and mutter a few words of apology for the whole fuss.
Further steps you can take if your email account has been compromised
When my own personal email account was compromised and used to send out spam to my contacts, I was so incensed that I deleted my entire contacts list to prevent it from happening again.
Of course, first of all, I backed up my contacts as a CSV spreadsheet file so they weren’t permanently lost. However, on my Hotmail account, all of my contacts were kept in the autofill data whenever I composed a new email, and I found that I never needed to get around to re-saving my contacts list.
Have you ever had your email account compromised and used to send out spam? What measures did you take, and were they effective in preventing it from happening again?
Ian Savell
Please note that there is, as yet, no universal secure system for validating the ‘from’ address on an email. It is just text, like the content of the email itself. So when your friends get spam emails purporting to come from you, your email account is VERY unlikely to have been compromised. What is most likely is that your address, picked up from a web page or someone else’s compromised PC, has been fed to a “spambot” on a completely different computer and the spambot is using it as the “from” address as part of its attempt to get people to read its spam.
Sending an email to the person who appears to send you spam is itself just spam. Always IGNORE spam emails.
If you want to find the source of the spam, look at the “headers”, the envelope the email came in. Most email clients have a way to do this. The headers will show a chain of computers that the email has passed through on its way to you. The earliest is usually the source of the email. An internet lookup known as “whois” on that address will usually give you the sending computer’s ISP, frequently in Russia or West Africa. Demon Internet have a generic whois lookup on their site.
A number of email providers, notably Google’s gmail, use a system known as SPF to verify the sender’s address with options to send unverifiable or false addresses straight to the spam bin. Unfortunately this system is not universal or foolproof and may mean perfectly legitimate emails sometimes get binned.
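Added example, not part of the comment above or the original article: a Python sketch of the header check that comment describes, listing the Received chain oldest-first and comparing the visible From domain with the envelope sender and the recorded SPF result. The message is constructed with documentation-only hosts, and the names `trace` and `domain_of` are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host and address is a documentation value.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.org with ESMTP; Mon, 01 Jan 2024 10:00:05 +0000
Received: from unknown (HELO pc) ([203.0.113.45])
\tby relay.example.org with SMTP; Mon, 01 Jan 2024 10:00:01 +0000
From: "Fred Bloggs" <fred@example.com>
To: you@example.org
Subject: Hey...

http://link.example/
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so reversing gives oldest first.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        ip = IP_RE.search(flat)
        by = re.search(r"\bby\s+(\S+)", flat)
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None})
    # SPF verdict as recorded by the receiving server, if it added one.
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {"hops": hops, "spf": spf.group(1) if spf else None,
            "from_domain": from_dom, "envelope_domain": env_dom,
            "from_matches_envelope": from_dom == env_dom}

if __name__ == "__main__":
    report = trace(RAW)
    for n, hop in enumerate(report["hops"], 1):
        print(n, hop["ip"], "->", hop["by"])
    print("spf:", report["spf"], "| From matches envelope:",
          report["from_matches_envelope"])
```

Only the Received line written by your own provider's server is trustworthy; earlier lines are supplied by the sending side and can be forged, so treat the oldest hop as a lead rather than proof.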
Martin Radcliffe
I believe Facebook has been hacked and users’ accounts scraped for their friends’ email addresses.
I am only a friend of two people on Facebook and frequently get emails under their names containing links to ‘must see this’ websites.
When I hover the mouse over their name in the incoming email I can see that the underlying email address is not the email address that I know is theirs.
I believe a hacker has taken their name from Facebook, eg. Fred Bloggs, and set up a false email account (invariably at @yahoo.com) under the name Fred Bloggs, and used that fake name and email address to send messages to Fred Bloggs’ friends.
I am only getting emails like this from my two friends in Facebook, so it would seem that Facebook is where the original hack is.
I don’t believe it is coming from contact lists at @yahoo.com, since I don’t get these emails from non-Facebook contacts.