Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

A friend got email that looked like it was from me, but with the wrong email address. What do I do?


I was just informed and forwarded an email by one of my Facebook contacts.
He was not a contact in my Gmail or AOL email accounts, but a Facebook contact.
He got an email using my Facebook name and a different email return address
with a spam link for him to click. I haven’t been able to find any info
regarding this kind of scam. Here’s what my friend forwarded to me (…and it
shows in fact exactly what he described: email from him, email that appeared to
be from him with his name but with a completely unrelated email address).

In this excerpt from
Answercast #56
, I look at another case where a Facebook friend is sent a
strange email with the wrong name.

Become a Patron of Ask Leo! and go ad-free!

Possible security leak

Yes, this is spam. It is nothing more than spam and it is also nothing
that’s in your control; there’s really nothing you can do about it. It’s
something that both you and your friend simply need to treat as spam. Mark it
as spam and get on with your lives.

What’s happened? So there’s an article I wrote just a couple of weeks ago
called, “Why
am I getting email from someone with the wrong email address?

Friend leak

Here’s the theory… I don’t have confirmation on this at this time but here’s
the theory: the theory is simply that there was a leak in the way that Facebook
allowed some of its data to be read.

A leak such that spammers… I’m not even going to say hackers because there
was really no hacking involved here. There’s no breach of data here. This is
simply an unplanned-for leak of data that Facebook actually made available when
it shouldn’t have.

What it boils down to is apparently some of the relationships on Facebook,
friends of friends and so forth, were somehow being exposed to hackers.

Tricking you to open mail

Now, what hackers do is they’re trying to get you to open the mail that they
send. They want you to click on that link. And how do they do that? They try and
fool you.

One of the ways they try and fool you? By making it look like the email you
got is from someone you know and trust.

So just knowing the name of someone that might be a contact of
yours in Facebook, for example, is enough. They use that then to make it look
like that email was sent from you in the hopes that the person receiving it
will say, “Oh, well, gosh, that’s from Leo, I’m going to click that.”

Don’t click!

Guess what? Not gonna happen. That’s spam.

That is spam; it’s not from you; you didn’t send it and there’s nothing you
did to cause it to be sent. You did nothing wrong, your recipient did nothing

If anybody, Facebook did something wrong to make this data exposed (and even
that hasn’t really be confirmed). There’s a lot of fingers that are pointing at
it that seem to indicate that this is what happened. Yours is another good one
because this is clearly something you were able to track down to a
Facebook-specific relationship. But that’s really all it is.

So, treat it as spam; recognize it for what it is and get on with your

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

2 comments on “A friend got email that looked like it was from me, but with the wrong email address. What do I do?”

  1. I have had the same thing but from Yahoo not Facebook. I get emails addressed to me from a name I know but the email is [something] The first one was from my son so without looking at the email address I clicked the link and got a blank page, other than whatever the script in the page put on my system. I quickly ran MalewareBytes which found three redirect scripts. This was re-directing my search from Google to something else. The email simply contains the line, “Hey Ken” with a long link. At first these were from [something] but now they are from

  2. There is another scenario which calls for users to be highly cautious about who they befriend on facebook.

    A facebook friend could be spamming with a different address – they don’t have to hack or get leaked data – they just befriend you and can see your name as well as your friends’ names and can then use those names with a fictitious email address to send spam or malware.

    Be wary of strangers, just like in real life. Only, you can at least judge a person by the appearance, looks and body-language in real life but no such thing on platforms like facebook!


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.