Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

I got two identical spam messages from two friends. Which of us has been hacked?

Question: Leo, I’ve received two emails from two different friends, both of which have the same link in them. Hotmail threw both of them into junk mail area so I was suspicious and didn’t click on the link and deleted them. But I was wondering, have they been hacked? Or have I? Should I warn them or start looking into my own vulnerability?

Without looking at the actual message source (meaning the headers that you don’t normally look at) it’s nearly impossible to say. It could be you, but ultimately, I don’t think it’s likely. It could be them. Or, believe it or not, it could be nothing at all.

Become a Patron of Ask Leo! and go ad-free!

Spoofing is easy

It’s trivial to make email look like it’s “from” someone that it’s not. Nothing has to be hacked for that to happen. In fact, spammers have been doing that for years. That, in and of itself is so very common, that getting spam from someone you know is pretty meaningless when it comes to understanding what might actually be happening.

That you got the same kind of message from two friends is only slightly more interesting.

Spammers want to send you messages that you’ll open. One way they do that is to send you messages that look like they come from your friends. And again, no one has to be hacked for that to happen. The spammers just fake the “from” line and send you the email.

Hacking happens too

Now, of course, it is possible that your friends have been hacked.

No SPAM!That too, is unfortunately common. It seems less likely in this scenario because you had two friends send you the same message at roughly the same time, which feels more like random spamming. However, if both of your friends’ accounts had been hacked, then yes, the spammer could have found you in your friends’ address books and thus your friends’ accounts could, quite literally, be sending you spam directly.

It’s unlikely in my opinion that you’ve been hacked. Normally when an account is hacked, it sends spam. Hacking is rarely related to the spam an account gets after the hack. In fact, the most common symptom of a hack is simply that you can’t log in because the hacker changed your password.

But there is a tiny chance, so why not be safe? Change your password. Check out my article, “Email hacked? 7 things you need to do now” to at least get some ideas of the recovery steps you might want to take. Even if your account hasn’t been hacked, it does no harm to stay safe.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

1 thought on “I got two identical spam messages from two friends. Which of us has been hacked?”

  1. An easy way this could happen is from people forwarding funny messages with everyone’s email addresses exposed. When the hacker gets ahold of the email he knows that the people in the cc list are related in some way and starts sending out spam that looks like it’s from a friend.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.