Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why Am I Getting (or Sending) Emails that Contain only a Link or Spam from My Contacts?

If you’re getting emails from a contact of yours that have either no subject line or one that doesn’t make sense and the message consists of a link to a site that you’ve never heard of…

Your contact’s email has likely been hacked.

If people are telling you that they’re getting these messages from you… well, you can guess what it means.

It’s your email account that’s likely been hacked into.

Become a Patron of Ask Leo! and go ad-free!

It’s Not A Virus

It’s almost certainly not a virus, and no amount of scanning or other anti-malware work on your computer will make it go away. That’s not to say that scanning isn’t a good idea. The hack could have been the result of a keystroke logger, for example. Nonetheless, removing malware won’t fix the fact that your account was hacked.

The problem isn’t on your computer.

One-line spam

What a Hacked Account Means

When an account is hacked, that typically means that someone else has access to it.

Your hacker knows the account login ID and password. Using the email provider’s web interface, they can login to the account from almost any computer anywhere on the planet and start sending email using that account to all the people in the account’s address book, recipients in your sent mail, and any other email addresses that can be located by snooping around the online account information.

… the fact that hackers are exploiting various techniques like these should simply act as a reminder that internet security matters a great deal.

Frequently, they’ll also change the account information, such as the password and password recovery information, automatic forwards, and sometimes even the signatures automatically appended to outgoing messages. They may also download the contents of the address book (to be further spammed later) and then empty it and all mail folders associated with the account.

Recently, the hackers have been more stealthy and have done nothing more than sending email using hacked accounts. They make no other changes to the account hoping that the account owner doesn’t notice. That way, they keep their access to the account longer and send more spam using it without the account owner’s knowledge.

If You Get Spam From A Contact

You've Been Hacked!Let your contact know – ideally, via some other means than email.

If the hacker has access to your friend’s account, they could just as easily delete all of the warnings that you might send before your friend gets a chance to see them. Use a different email address if you have one for them or try phoning them.

Do not use an instant messaging service that uses the same account. For example, if the email address that’s been hacked is a Windows Live Hotmail account, then the Windows Live Messenger account that goes with it has been hacked as well. You might just be IMing the hacker and not your friend. Use a completely different account or service.

There’s really little else you can do.

Oh, one more thing: don’t click on the link in the email. Never click on links in spam. At best, it’ll be an ad for body enhancement drugs. At worst, it could lead to malware being installed on your machine. Resist the urge.

If Your Account Is Sending Spam

If you can login to your account immediately change your password and your security questions. Clearly, the hacker knows your password, so changing that is clear. The hacker may also have recorded or set new answers to the security or secret questions that could be used for account recovery. It’s imperative that you change those too, even if they look like they haven’t been altered.

You should also then verify that all of the information associated with your account, such as the alternate email address and mobile phone number, have not been altered. Any information that a hacker might use to fake an account recovery of his own should be verified.

If you can’t login to your account, it’s possible that you might have lost the account forever.

Use the appropriate “I’ve lost my password” approaches provided by your email service provider to attempt to regain access to your account. If those fail, the hacker may have changed your account recovery information to prevent you from being able to get your account back.

If the email service has any kind of customer support option, then that’s your next step. They may be able to help, particularly if this is a paid account. With a paid account, they typically use your billing information, such as your credit card, as ultimate proof that you are the account owner.

Once you regain access to your account, proceed as above, change your password and security questions, and verify all of the other information in your account.

How Did This Happen?

It’s difficult to say with any certainty, but these are all of the ways that I know and have heard that accounts have been hacked in the past:

  • Having a poor password. From what I hear, this could be the most common way that accounts are hacked – hackers simply guess the password. Remember, it might not be a person sitting at a keyboard slowly guessing one at a time – it could very well be a computer trying all sorts of word combinations and common passwords.
  • Having poor security questions. For some accounts, having a poor security question with an answer that’s easy to guess or find out allows hackers to succeed at resetting an account’s password, thus giving them access.
  • Malware, specifically keyloggers. Malware can arrive in many different forms, but most commonly, it infects your computer when you receive and open a malicious email attachment, download from a web site, or file transfer via instant messaging.
  • Malicious Web Sites.I’ve heard at least a couple of reports where the account hack can be traced to having visited a web site somehow was able to either silently install malware, or used javascript or some form of social engineering to gather account credentials.
  • Open Wifi. If you login to your email account without using https over an open WiFi connection, anyone with a laptop in range could potentially see your account information – both login ID and password – fly by in the clear.

Ultimately, there’s nothing really new here, and the standard concepts of keeping yourself safe on the internet still apply. If anything, the fact that hackers are exploiting various techniques like these should simply act as a reminder that internet security matters a great deal.

Well, it matters if you want to keep control of your accounts and not spam all your friends, that is.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

35 comments on “Why Am I Getting (or Sending) Emails that Contain only a Link or Spam from My Contacts?”

  1. In the way you describe, I have received spam emails apparently coming from a granddaughter with a Hotmail account (now closed, on my recommendation).
    However, there is surely another way.
    My email address is not a webmail account, but a forwarding address that filters out spam. So I can’t send emails from it. Nevertheless, since at least 2004 I (and presumably others) have from time to time received emails purporting to be from that address and others at acm.org. Whether it’s only the Reply to address rather than From I’m not sure, and I can’t find one to check.

    There are actually lots of ways that spammers spoof the “From:” address without accounts being hacked, I’m just seeing a LOT of hacked accounts in recent months. This has more: Someone’s sending from my email address! How do I stop them?!

    Leo
    30-Mar-2011

    Reply
  2. YO Yo Your timin’ on this was perfect! I’ve been gettin’ swamped w/ emails from a friends acct. wanting me to open different links. I just forwarded your newsletter to her & hopefully it will help her fix the problem! Thanks for the info Leo, good work!!
    Gordon Mac… fixt

    Reply
  3. Another way email accounts are easily hacked is by the using the same password for your email and the various web sites you sign up for services.

    For example, let’s say your email address is bob@gmail and your password is ABC123. You also sign up to post comments on the blog SmugKnowItAlls, using your Gmail address and the password ABC123. SmugKnowItAlls is hacked, and the hacker gets all the email address and passwords registered on that site, and since 9 out of 10 times people are using the same password everywhere, the hacker is able to compromise your Gmail account.

    Solution: Have at least 2 passwords — one for website registrations, and a separate one for your email.

    Reply
  4. Thank you so much.

    Your’e article email accounts being hacked was clear, concise, and thoroughly helpful. It should be recommended reading to everyone online.
    :)

    Reply
  5. I am a linux [ubuntu – evolution] user and have received an email from a hotmail account which has been hacked as described above. I have moved the offending email to my junk folder, but am unable to expunge it from this folder. [All other mail can be expunged without difficulty.] Any suggestions? With thanks for your attention and helpful advice.

    Reply
  6. Lately I’m receiving a lot of spam email from what appears to be facebook friends (a few are also email contacts but I can tell they are coming from facebook because the email includes the maiden name which I would not have in my aol or blackberry contact lists). When I hover over the person’s name, an unknown yahoo address appears. I’ve added these messages to my spam folders, via aol and via blackberry, depending on where I’m reading them. Recently, I tried to forward an email from my aol mail via blackberry to a contact. When I began typing her name in the “to” line, I was given 3 options to choose, 2 of which were the unknown yahoo addresses. However, these addresses do not appear in my blackberry contact’s list. How do I disassociate these spam addresses from my real contact’s name? How do I stop the cloning as well? Thanks!!

    Reply
  7. You have provided an interesting response to this issue. I too am experiencing this. However, you are making a HUGE assumption here that does not fit my case. You assume that the sender’s email was hacked. In my case, people have received email messages from me that have a totally BOGUS email address for me as the sender! Yes, I’ve been around computers long enough to know that the smtp protocol can be modified to spoof email addresses. What people need to do is to expand the email header so that you can see where the email came from. That will give you the clue to which of your email accounts may have been compromised, or not. A quick check of my sent list didn’t find any strange emails that had been sent. Yes, they could have been deleted…

    In my defense, that HUGE assumption is in the title: “from my contacts”. If the email addresses are being spoofed as you describe, then it’s not from your contacts. I rarely send people to try and decypher email headers, as a) they’re complex, and b) they can also be spoofed beyond recognition. In a case like this as long as people look at the email ADDRESSS (not name) that the email is coming from they can discern the difference.

    Leo
    05-Sep-2012

    Reply
  8. @dfox,
    I wouldn’t be surprised if spammers didn’t collect all the email addresses from all those “forward if you want money and you’ll die if you don’t” emails. Then they use the names they get and the whole list, assuming the people might know each other.

    Reply
  9. I have a strange problem which is similar to that described by dfox. Over the last two months, I have received about a dozen messages which appeared, from the names shown, to come from three friends, but which only contained advertising links. Usually the subject line said “For you” and included my name. At first I thought that the friends’ email accounts had been hacked, but then I checked the senders’ full email addresses, and found them to be different and bogus in each case.

    Most of these messages were treated as spam by Hotmail and did not reach my inbox. Oddly enough, the friends’ names used all began with the letter M and the bogus email addresses were all Yahoo accounts.

    I was worried as to whether my contacts list and therefore my account had been compromised, but it seems unlikely as one of the names used is not in my on-line list. I then thought that the names must have been “harvested” as Connie suggests, but that is also unlikely, as I don’t recall ever sending a message to the unlisted person, although she is known to me.

    So far I’m baffled … any ideas, folks / Leo?

    Reply
  10. A friend just sent me one of these emails without her actually sending it. Good thing she’s in the cubicle right next to mine (we work together). I informed her right away.

    Reply
  11. It seems to me there should be somewhere that one could report the real email address (with my name beside it but not my email address) and the link in the message area. By using a search engine to find out who owns the link domain, etc. I find the links are usually not malware but some small overseas company using someone to spam their website link and of course they should not be permitted to do this. I can’t find any spam-reporting website that seems to care about these. Why not?

    Reply
  12. More and more of my customers are having this problem. Instead of explaining to them how to fix it, I’m sending them to this page. Hope you don’t mind.

    Reply
  13. My mum received one of these links from a friend’s account, clicked on it, saw nothing, then closed the browser, restarted the browser, logged back in via hotmail.com, deleted the email and went on looking at her emails. Then the friend emailed around to say she’d been hacked so mum rang me for advice (I’m not that great at this but she always asks me!!). I said to run a full anti-virus scan and also got her to check whether anything new was in the downloads folder (there was nothing from this month) but is there anything else that can be done to see if the page was open long enough for something to get onto her computer? Would an anti-virus scan pick up a keylogger?

    The email is still in her deleted items folder, so we can see what the url was – would it be worth posting it up, is there anyway of figuring out what is at that URL without getting affected by it?

    Reply
    • Not really. The best thing is, as you’ve done, scan for malware. And then of course change the password (and recovery info) on that email account.

      Reply
  14. When a user sends an email through webmail, there is a spam message and link attached to it. When the same user sends messages through Outlook, the message and link isn’t there. Both emails are sent from the same computer, same account, but one was web based and the other was installed on the desktop. How is this possible?

    Reply
  15. So you think the user’s account was hacked and there is spam attached to it all the time. Only Outlook is stopping the spam from being sent out with the message, while the webmail is allowing it to be sent out…? I believe they ran several different anti-virus and malware scans on the computer and couldn’t find anything. How do I get rid of it?

    Reply
  16. Leo such a helpful article short sweet and clear. I understood this in 20 second and had spent hours looking at my service providers advice. I am now going to review to whom I give my email and set up another couple to filter my mail further. However some clever person will always find a new way I suppose. Thanks so much for this information

    Reply
  17. Your information was extremely helpful. They only question I still have is “Why?”. Getting my addresses to send out to others and get their addresses? I never open the link so don’t really know what it gives you. Is the intent to sell something or to just see how many people they can annoy?

    Reply
  18. An intersting article. I have hundreds of forwarding email addresses set up so that I can delete them and stop spam. They are given to Reputable companies like banks and other commercial companies including web sites.

    I do get spam from time to time on these addresses. How could this be? These reputable companies only uses the to contact their customers, are their email systems being hacked as well? I regularly get spam from 1-5 out of over 300 on an annual basis and have to change my registered email address with them or just delete it and never hear form them again.

    This works for commercial people but I have not found a way of getting my numerous friend to protect my email in their activities and address books. They even reply all with open email addresses and no BCC. Perhaps we need to enforce a system where users are obliged to include their name in the send field and the rest are BCC hidden. also all contact files on PC’s are encrypted. There must be a solution out there that the technologists can invent to stop all this email spam.

    A good article

    Reply
  19. Dear Leo
    I think what you do is really important to people, thank you for all you support!
    My contacts complaign that they are receiving spam emails that feature part of my email address. That makes me to belive that my account has been compromised.
    I read your advise on the matter and it was exactly what I have done before – logged into my Yahoo email account, changed my password and security questions and even reported that my account has been hacked and phishing emails to Yahoo Support: https://help.yahoo.com/kb/SLN3402.html
    I always had antivirus software (Avis, McAfee or 360 Total security) together with SuperAntiMalware remover programmes: SuperAntiMalWare, Spybot, Malwarebytes that are run at least once a months.

    But even after all the precautions were done..my contacts again received a suspicious email that looked like from me.
    I wonder if it requires to do something more substantial..
    Can you advise?
    Many thanks in advance,

    Reply
    • There are actually two issues here.

      1. Although it is great to have good anti-malware security on your computer, that will have nothing to do with your Yahoo email, and in keeping it secure. Yahoo email is not on your computer, but hosted on the Yahoo servers. If you account was hacked it was, most likely, the result of an easy to crack password. Make sure you have changed the password to something long and difficult.

      2. It sounds like you have secured your email and that’s great. It’s likely that that hackers made a copy of your contact list. So they now have that list and may easily continue sending spam to people. It’s very easy to make an email look like it comes from your account even though it is being sent from a different computer all together. So, unfortunately, there is little you can do about it. One of the sad results of the computer world.

      Reply
  20. I keep receiving emails to myself, from myself, and it will not let me block on my email address in Outlook. I also keep getting emails from people that say “safe sender” although I currently have no one on that list except my contacts. It’s highly annoying and just recently picked up in quantities. I’ll wake up to having about 40 new emails overnight from spammers.

    Reply
  21. I have been getting emails containing their own “Mark As Spam” link. Is this a variation of the virus warning that encourages you to click? This one was straight forward as there was really no content, just options to mark as spam or unsubscribe.

    Reply
    • It sounds like that’s what they are doing. You can check the link to see where it goes, but if it goes anywhere, it’s back to the spammer so it must be a variation on the fake unsubscribe link.

      Reply
  22. What is “xodye? This was in the message information on my husband’s phone, but was showing as a message sent from me. I did not send the message and was to prove it as I did not have the message in my phone

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.