How do I stop [email being sent as me] or prevent a hacker from getting into my address book?
This was a follow-up question from someone who’d discovered that, as they put it, “Somebody is using my email address book to send spam to my friends.” I had pointed them at Someone’s sending email that looks like it’s from me to my contacts, what can I do?
What’s critical to realize here is that it’s extremely likely that they don’t just have access to your address book; they have access to your entire email account.
And that’s exactly where prevention begins.
Become a Patron of Ask Leo! and go ad-free!
The scenario
This is the scenario I’m hear frequently:
- Someone’s email account gets hacked.
- The hacker then uses that email account to send spam to everyone in that email account’s address book.
It’s that first part that matters: they hacked into your email account.
This has nothing to do with your PC (probably)
The cases that I’m seeing are not due to a virus, and it does not mean your computer or your email program has been hacked. Your computer can be 100% secure and this could still happen.
It’s most common with web-based email accounts, like Hotmail, Yahoo, Gmail, and others – and that’s the clue.
The hackers have somehow discovered your email username and password. Armed with that, they head off to the website for that email service, and log in.
They login as you …
… because they have your username and password.
So they log in to Hotmail or Yahoo or Gmail or whatever serviceyou use – as you – and start sending everyone in your address book spam.
And they often do all of this from the other side of the planet.
PC-based email programs are not immune
Any email account can be hacked. The ones that keep address books on the email server, such as those that offer primarily web-based access, are the most common, because the hackers don’t want just your account – they want the address book.
Some PC-based email programs recognize online accounts and synchronize the contact list you keep on your PC with the contact list that’s kept online. A great example is Windows Live Mail, a desktop email program which, when configured to access a Hotmail account, synchronizes your local address book to Hotmail’s online copy.
It’s easy to check; just log in to the web interface of your email account, and see if the contact list is empty. If not, hackers would love to get access to your account.
Protecting your address book means protecting your email account
Your address book is just a part of your email account. It’s your email account that needs protection.
There’s nothing really magical about that.
- Use a good password. I’d guess that perhaps as many as a quarter of all account hacks I hear of are simply hackers guessing the password.
- Don’t share your password with anyone. Not only are you trusting their good intentions, you’re also trusting their security savvy – if they make a mistake and expose your password, it could easily result in a hack.
- Don’t log in to any of your accounts using public computers. The problem is that there is no way to know that your keystrokes aren’t being recorded. If you must log in to something, make sure it’s a throw-away account you wouldn’t mind losing to a hacker.
- Use open Wifi hotspots safely. In many cases, logging in to your email account with an open Wifi hotspot transmits your username and password in the clear for anyone with a laptop and a little software to see.
- Use your computer safely. I said that your computer may not be involved, but that doesn’t mean it can’t be. Spyware or keyloggers installed on your computer could give hackers all the usernames and passwords they need to get into your accounts.
- Be skeptical. A large percentage of account hacks I see are the result of phishing – tricks hackers play to get you to give them your password. An email that threatens to close your account unless you respond with a list of information that includes your password is a scam. Provide that information, and in minutes, your account will be hacked.
Hopefully, you get the idea: treat your email account security seriously, pay attention to online security, and you’re many, many steps ahead of the hackers who want to get into your account.
If you’ve already been hacked …
… start doing everything I just listed. In fact, double-check it all just to make sure.
But most importantly: change your password. Now.
In fact, you must change much more than your password.
You need to change any and all of the information that could be used to request a password reset on your account.
Why? Two reasons:
- Hackers often change the information while they have access to your account.
- Whether they change it or not, hackers can often use the information they find in your account to immediately regain access to your account after you change your password by requesting a password reset.
What you need to change depends on what your email provider uses for password-reset information, but it could include:
- Alternate email addresses
- “Secret” questions and their answers
- Mobile numbers
- Billing information
- Whatever else your email provider uses
In some cases, like the mobile number, even if you don’t change it (presumably you still have the phone), you should confirm it’s still set correctly. As I said, hackers often go in and change these settings so they can regain access.
I and my contacts have been receiving a phrase from “Smilebook” that they sent to me and I can’t seem to erase it from my e-mails, nor can my contacts. I’ve contacted “Smilebook” and they deny sending it to me. It says; I have tryed to do this all in vain. It was when I cancelled them and they had a problem with the cancellation. What to do?
Cub
To Protect Your Gmail Account from Getting Hacked
– Always Check for the URL before logging into your Gmail Account
– Do-Not check your Emails at Public Places
– You must regularly Monitor Gmail Account Activity
– Look for Bad Filters- You always need to check for the unknown filters from your Gmail settings> Filters. These filters can also be deleted you can delete the filters that you have not created or which appears suspicious to you.
– Refrain yourself from clicking on suspicious links
For More Information: {link removed}
I’m thinking like a hacker here….why wouldn’t I get your email/password and go to all major websites and say “I forgot my password”. Most use their email address as the username and probably the same password. If you have an account there, it will email a “reset password” link to your email account that I have access to! I can now get into your OTHER accounts. Not to mention, if I search your email archives (gmail especially as they promote NOT deleting anything) then I can get a feel for where you do your banking and other online activities.
HTH.
I received an infected e-mail from one of my contacts. I know it was infected because AVG caught it when I opened the e-mail.
I immediately erased that contact from my address book, and marked the e-mail as spam, but I am still receiving e-mail from that contact, just as if it is still in my contact list. What is happening here?
26-Oct-2011
In addition to a complex pw, one should also make the answer to your secret question very complex.
It does not have to make sense, but you must remember it.
For first pet or where married or mother’s maiden name, enter something like “DWERYGFRETR”
So, a hacker must not only know your username and pw, in order to change the pw, they must know the answer to your secret question. Make the answer all gibberish that only you know.
Just a heads up: If you use Gmail, they now offer a service that will send your mobile / cell phone a verification code in order to log on. This might serve as another line of defence, provided that you haven’t been hacked and that all of your contact details are correct.
ummm, sorry to say but people do not even have to have access to your account to make it look like it comes from you.
All they do is use your email address and use a program to send out spam and it looks like it comes from you.
01-Dec-2011
Go to Youtube and type in: (how to stop phishing with email address encryption.) My name is Sharen and hopeful you find this of assistance. This is a technique that I developed to help deter Phisher’s from using my contact list by making them work harder for it.