What you can do about it.
This occurs either because it’s not really closed, or spammers don’t care that it’s closed.
Closing an account because you believe it’s sending spam typically doesn’t help.
The damage has already been done.
A “closed” account might seem to continue to send spam because:
- Your account was never hacked. The spam is simply “From:” spoofing.
- Hackers quickly re-opened the account for themselves.
- You accidentally re-opened the account.
- Your account was never involved, and your email address was simply spoofed as the sender.
- It’s now someone else’s account.
If you closed it because you thought it was hacked, you may have been wrong, and closing it had no effect.
Say you have an important email account on a popular email service.
One day, you get a number of reports complaining that you’re sending spam. The reports are from people you’ve corresponded with in the past. Some of your contacts might be upset because their machine has malware resulting from those emails.
Except you didn’t send them.
And yet the spam continues. Closing the account didn’t help.
There are several reasons this can happen.
Reason 1: Your account was never hacked
There’s a good chance your account had never been hacked.
This is the most common scenario.
What most people don’t realize is email is incredibly easy to fake. It’s trivial for a spammer to make it look like an email came “From:” your email address without needing access to your account. It’s called From: spoofing. Most spam comes “From:” email addresses having nothing to do with the spam at all. The sender has been completely faked.
But they did target your contacts. How did they do that?
Three things come to mind:
- Blind luck. With millions and millions of spam emails being sent every day, it’s possible your email address could have been randomly faked on spam sent to someone you know.
- Information leak. For a while, there was a way to determine some friend relationships and email addresses on Facebook without needing to be signed in. Any comparable data breach can expose similar relationships; even just communicating in a public forum where email addresses are exposed could do it. Email in transit is also visible to all servers it travels across, so information about who you’re mailing could be harvested if the servers themselves are compromised.
- Someone else got hacked. It could be one of your contacts who was hacked. It could be the contact list from their account that was harvested by the spammers, and thus your email address could have been harvested from it and then used to fake “From:” lines in spam targeted at other friends and contacts.
There’s really no certain way to know, but the first thing to do is check the Sent Mail folder of your online account or web interface. If you see the spam in that folder, which indicates it was sent from your account, then indeed you’ve been hacked, and should take all necessary steps to recover. If it’s not there, it’s not proof of anything, but I would not panic unless more evidence of a hack appears.
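If a contact can forward you the spam with its full headers, those headers offer a second check alongside the Sent Mail folder. The Python sketch below is an added example, not part of the original article: it reads the authentication results recorded by the recipient's mail server and compares the visible “From:” domain with the envelope sender. The two sample messages and every domain in them are constructed, and a “sent-from-domain” verdict is only consistent with the message having left your provider, not proof of a hack.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of a spam message a contact received "from you".
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=mailprovider.example
From: "You" <you@mailprovider.example>
Subject: look at this

body
"""

# Constructed sample: a message that really was sent through the account.
GENUINE = """\
Return-Path: <you@mailprovider.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailprovider.example;
 dkim=pass header.d=mailprovider.example;
 dmarc=pass header.from=mailprovider.example
From: "You" <you@mailprovider.example>
Subject: lunch?

body
"""

def domain(addr):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def triage(raw):
    """Classify a received message: 'spoofed', 'sent-from-domain' or 'inconclusive'."""
    msg = message_from_string(raw)
    # Only the topmost Authentication-Results header is the receiver's own;
    # lower ones may have been inserted by the sender and are ignored here.
    auth = (msg.get_all("Authentication-Results") or [""])[0]
    res = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    env, frm = domain(msg.get("Return-Path", "")), domain(msg.get("From", ""))
    mismatch = bool(env) and env != frm
    if res.get("dmarc") == "pass":
        return "sent-from-domain"  # authenticated for the From: domain: check Sent Mail
    if res.get("dmarc") == "fail" or (mismatch and res.get("dkim") != "pass"):
        return "spoofed"           # From: was forged; no account access was needed
    return "inconclusive"          # not enough header evidence either way
```
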
Reason 2: Hackers reopened the account
When most people close their account in a panic, they go through the steps and nothing more.
Closing your account is not only ultimately ineffective; by itself, it’s also not enough.
If you do close your account, you’ll often find there’s an “out” — a way that, for a limited time, you can re-open the account should you later change your mind. (You’d be surprised how often people change their minds.)
The “I didn’t really mean it!” approach usually involves proving that you are the owner of the account, using your password, and additional identity verification or recovery steps.
Sometimes it’s as simple as signing into the account again after you’ve “closed” it.
Hackers know all this.
They know the account can often be reopened. They often know, or have changed, the account validation and alternate contact information.
So, within moments of your closing the account, the hacker just re-opens it and resumes sending spam from it.
Reason 3: You reopen the account
As I mentioned, sometimes signing into the account is enough to cancel the account closure.
Many accounts these days are more than just email. A Microsoft account is a good example. On that same account, you may have messaging programs (Skype), calendars, cloud storage (OneDrive), online applications (Office), and much more. Microsoft accounts are also commonly used to sign into your computer.
If you cancel the email account and then sign into another service from the same provider using the same account ID and password, you may unknowingly have re-activated the email account.
If you intend to cancel the account, you have to walk away from everything that is part of the account.
Otherwise, the account may not get canceled.
Reason 4: Hackers don’t need your account anymore
A common hacker trick is to slip into a hacked account and steal the address book.
In that scenario, the damage has been done.
Even if you recover and completely secure the account, or even if you really, truly cancel the account:
- Hackers can still send spam to all your contacts because they’ve stolen those email addresses.
- Hackers can make spam look like it came from you even though they are no longer using your account. As I mentioned, “From: spoofing” is easy.
So you might put a lot of time and energy into closing the account, and even if you’re successful, it solves nothing because the hackers left it behind long ago.
Reason 5: It’s now someone else’s account
If you successfully close an account, most services hold on to the account name (usually the email address) for “a while” — anywhere from a few days to a few months.
Then they make it available for new accounts.
Someone could (and if your email name is particularly desirable, almost certainly will) open a new account with the email address you left behind. No, they won’t have your data or your contacts, but they now have your old email address.
They could get hacked. They could be spammers themselves. After really closing an account, you lose all control over the email address, and you have no idea who might get it someday in the future.
Your old “closed” account could come back to haunt you.
What can you do?
Aside from not getting hacked in the first place, there’s almost nothing you can do.
Of course, if your account has been hacked, you need to recover it. Start here as quickly as you can: Email Hacked? 7 Things You Need to do NOW. But it may be too late; the hackers may have copied all the information they need to keep spamming your friends and make it look like you.
What I can say is that closing your account isn’t going to help, and ultimately could make things even worse, as you relinquish all control over it.