If you’re getting emails from a contact of yours that have either no subject line or one that doesn’t make sense and the message consists of a link to a site that you’ve never heard of…
Your contact’s email has likely been hacked.
If people are telling you that they’re getting these messages from you… well, you can guess what it means.
It’s your email account that’s likely been hacked into.
Become a Patron of Ask Leo! and go ad-free!
It’s Not A Virus
It’s almost certainly not a virus, and no amount of scanning or other anti-malware work on your computer will make it go away. That’s not to say that scanning isn’t a good idea. The hack could have been the result of a keystroke logger, for example. Nonetheless, removing malware won’t fix the fact that your account was hacked.
The problem isn’t on your computer.
What a Hacked Account Means
When an account is hacked, that typically means that someone else has access to it.
Your hacker knows the account login ID and password. Using the email provider’s web interface, they can login to the account from almost any computer anywhere on the planet and start sending email using that account to all the people in the account’s address book, recipients in your sent mail, and any other email addresses that can be located by snooping around the online account information.
Frequently, they’ll also change the account information, such as the password and password recovery information, automatic forwards, and sometimes even the signatures automatically appended to outgoing messages. They may also download the contents of the address book (to be further spammed later) and then empty it and all mail folders associated with the account.
Recently, the hackers have been more stealthy and have done nothing more than sending email using hacked accounts. They make no other changes to the account hoping that the account owner doesn’t notice. That way, they keep their access to the account longer and send more spam using it without the account owner’s knowledge.
If You Get Spam From A Contact
If the hacker has access to your friend’s account, they could just as easily delete all of the warnings that you might send before your friend gets a chance to see them. Use a different email address if you have one for them or try phoning them.
Do not use an instant messaging service that uses the same account. For example, if the email address that’s been hacked is a Windows Live Hotmail account, then the Windows Live Messenger account that goes with it has been hacked as well. You might just be IMing the hacker and not your friend. Use a completely different account or service.
There’s really little else you can do.
Oh, one more thing: don’t click on the link in the email. Never click on links in spam. At best, it’ll be an ad for body enhancement drugs. At worst, it could lead to malware being installed on your machine. Resist the urge.
If Your Account Is Sending Spam
If you can login to your account immediately change your password and your security questions. Clearly, the hacker knows your password, so changing that is clear. The hacker may also have recorded or set new answers to the security or secret questions that could be used for account recovery. It’s imperative that you change those too, even if they look like they haven’t been altered.
You should also then verify that all of the information associated with your account, such as the alternate email address and mobile phone number, have not been altered. Any information that a hacker might use to fake an account recovery of his own should be verified.
If you can’t login to your account, it’s possible that you might have lost the account forever.
Use the appropriate “I’ve lost my password” approaches provided by your email service provider to attempt to regain access to your account. If those fail, the hacker may have changed your account recovery information to prevent you from being able to get your account back.
If the email service has any kind of customer support option, then that’s your next step. They may be able to help, particularly if this is a paid account. With a paid account, they typically use your billing information, such as your credit card, as ultimate proof that you are the account owner.
Once you regain access to your account, proceed as above, change your password and security questions, and verify all of the other information in your account.
How Did This Happen?
It’s difficult to say with any certainty, but these are all of the ways that I know and have heard that accounts have been hacked in the past:
- Having a poor password. From what I hear, this could be the most common way that accounts are hacked – hackers simply guess the password. Remember, it might not be a person sitting at a keyboard slowly guessing one at a time – it could very well be a computer trying all sorts of word combinations and common passwords.
- Having poor security questions. For some accounts, having a poor security question with an answer that’s easy to guess or find out allows hackers to succeed at resetting an account’s password, thus giving them access.
- Malware, specifically keyloggers. Malware can arrive in many different forms, but most commonly, it infects your computer when you receive and open a malicious email attachment, download from a web site, or file transfer via instant messaging.
- Open Wifi. If you login to your email account without using https over an open WiFi connection, anyone with a laptop in range could potentially see your account information – both login ID and password – fly by in the clear.
Ultimately, there’s nothing really new here, and the standard concepts of keeping yourself safe on the internet still apply. If anything, the fact that hackers are exploiting various techniques like these should simply act as a reminder that internet security matters a great deal.
Well, it matters if you want to keep control of your accounts and not spam all your friends, that is.