There’s a bucket-load of issues here, and quite frankly an awful lot of confusion.
This can be a very frustrating situation, but what happens next, if anything, depends on what’s really going on.
Become a Patron of Ask Leo! and go ad-free!
Is it really you?
First, I have to ask: how do you know that it’s your account being used to send spam?
What’s incredibly important is to realize that just because the spam says it’s “from” your email address, that doesn’t necessarily mean that the spam was actually sent from your account.
Spammers can fake the “from” address. It’s very easy to do. That means that they can make an email message look like it came from you or me without ever having to access our accounts. They don’t have to hack anything. It’s trivial.
So, the first thing is: never assume that spam with your email address in the “from” line actually came from you. In most cases, it actually hasn’t.
How to tell
How do you tell for sure? Well, there are two ways. Is the spam in your sent mail folder? If it is, then yes, your account has been hacked and it was used to send spam. There’s clear evidence. Of course, hackers can and often do delete the sent mail, so finding no spam in your sent mail doesn’t rule out a hack.
The other approach is to look at the headers of the spam messages themselves. Now I’m not saying the simple headers – like the “from” line -that you see by default in most email programs, but the full list of headers that geeky people, like me, look at. If you “view original” in Gmail on a message you’ll see them. Or in Outlook, look in the “Advanced Properties” of the message, I believe.
And of course there are other ways on other mail services and programs to take a look at these full message headers. Someone knowledgeable about what to look for can look at those headers and determine if indeed the message came from your actual email account, or if it’s just a spammer faking the “from” address.
Given what you’ve described, I think it’s most likely that a spammer faked the “from” address without accessing your account.
What to do
So, what do you do if they’re sending email that looks like it came from you but your account was never involved?
You can do absolutely nothing.
It is completely out of your hands since you and your account were never actually involved. Let your friends know that it’s not you, it’s not your account; and get on with your life.
If it was a hack
If your account was involved, things get more interesting. You need to change everything in that account that could be used for password recovery. That means the passwords and the secret questions, like you mentioned. It also means confirming that the associated mobile number or alternate email address is what you expect it to be.
You even need to check if that hacker added automatic forwarding or messaging-processing rules that would still allow them into your account. You need to check it all. As long as one tidbit remains that the hacker could use to regain access by faking a lost password recovery, he will.
Contacts
And about your contacts: As long as the contacts came from your online address book and you’re really, really certain about this, then it’s possible that your account has been compromised at least once. The problem is that now the cat’s out of the bag. All the hacker needed to do at that time is make a copy of your contacts, exporting the entire list perhaps. Then no matter what you do with the account after that, he still has that list. He can still send fake email to look like it comes from you and send it to that list.
Once again, there’s nothing that can be done about this either, other than making sure you can completely recover your account and secure it properly.
Once the hacker has your contact list, he has your contact list forever.
- Email Hacked? 7 Things You Need to do NOW Email account theft is rampant. If it happens to you, there are several steps that you need to take not only to recover your account, but to prevent it from being easily hacked again.
- Someone’s sending from my email address! How do I stop them?! Email spoofing is rampant. Spammers often send email that looks like it came from you. And there’s little that you can do about it.
- SPAM Articles relating to the plague that is spam – why it exists, what to do about it, what NOT to do about it, and basically how to live with minimal frustration in a spam-filled world.
Hi Leo,
Love your site. Thanks for so much help, for so many of us.
A couple years ago, when this happened to me, I made a change that solved the problem for me, and for the people on my contacts list.
After determining to the best of my ability that I hadn’t been hacked, I made a new email account. I then, from the original account, emailed everyone on my contacts list, briefly explaining why I was changing accounts, and asking them to change their info, to reflect the new address. I then sent identical email from the new addy. Problem solved for most of my contacts. A couple, I called on the phone, as they didn’t really understand, and I needed to walk them through updating my addy in their account. (Specifically, I got to speak with an Aunt whom I hadn’t talked with in quite a while.)
Oops…..
Forgot an important point.
Let them know to treat the old address as spam.
It’s as if someone sent out a bunch of envelopes through the Postal Service, with your return address printed on them. Most people would think it was a letter from you, until they saw the advertisement inside. Some people would notice the postmark wasn’t from your town, just like some people would look in the email headers, and recognize that an email didn’t come from your mail server.
great post leo thank you for the clear information and advice
Leo, My {email address removed} has been hacked and stolen several years ago, Google is all screwed up!! can not get person on the phone to help!!!!!! I did all steps required by recovery,did not work. the hacker is sending to my alternate email taunting messages with an address!! I think this is blackmail!! here is what he sent: here is a video- {URL removed} talk soon {address removed}
Google instructed me to give them an alternate email – {email address removed} which I did, told me they would send instructions, that didn’t work! Now Google is using my primary email as my google access email!!! Help
Do I erase the present primary address and put back my old Gmail address to get ity back???
Google has made this very confusing. can you help out,as thief is using my email to send spam!!!
Thank You,
Henry
If you have paid hosting/email services then you can set up DKIM and SPF which is supposed to prevent people from using your email address for spam.
It is not true that you cannot do absolutely nothing. You absolutely can. I fixed this issue on my own and I am not even computer savvy. This same exact thing happened to me the other day on my Yahoo account. I was receiving tons of spam e-mails from my own e-mail account. My account was not hacked. I changed my password several times and they still kept coming in. I finally went into the Yahoo help center and I read that if you change the default setting so that your e-mails do not show images, it will prevent this from happening. It said that even though it looks like your e-mail is sending you spam, it is actually spammers disguising themselves with your e-mail, not actually hacking into your account. I went into the settings and chose “do not show images,” and suddenly, all the spam e-mails that were in my account were all of a sudden going to my spam folder. I guess somehow, when you are e-mails automatically show the images, it sends some type of confirmation to the spammers that the e-mail is legit or something to that effect. Either way, after changing my settings to “do not show images,” the continuous spam mail stopped going into my inbox and directly went into the spam folder. Job done!
Thank you for writing this article. It was extremely helpful to me!
I think there’s something quite serious going on with BT. For months I’ve been getting emails that appear to be from banks, especially Natwest, and also from Microsoft, wanting me to update my profiles etc. but these are headed with normal everyday bt account holders addresses. I report them as phishing usually but of course am unable to with microsoft, as they have no phishing email.
I’ve now gone linux with my email computer so am on Mozilla but that wont pick up emails from my ‘used to be’ prime email unless I go into webmail to move it over from junk (everything goes to junk, even the un-junked) and put it in the inbox. And yet Mozilla picks up the mail okay from my ‘secondary’ bt account which never received spam.
And the reason I went Linux is because I had my Bios ‘Hacked’? and a password was installed which stopped me from even using my cd reader or using a virus detector prog. even though I had never opened anything apart from ‘show images’. (I removed the password by removing the cmos battery and leaving it to lose it’s charge for 24hrs to set it back to default, then threw in an old vista cd and let it fire up fully before installing Ubuntu 16 straight away taking the full hard drive) Everything is okay now. But the point is that I have heard from so many people (that I haven’t communicated with via emal) that their bt emails are so full of rubbish now and they cant stop them and they too are having niggling problems with their computers seeming to have a mind of their own it’s very reminiscent of just before Yahoo went belly up.
It doesnt help that my isp keeps disabling my email account – asking me to change password
Cant win – bah