I often get spam emails where there are a couple of personalizations that
just intrigue me. For example, I received a spam email from a real friend. I’ll
call him “Leo,” but the email address of the sender is actually someone else.
Someone else that I don’t know, an email address that I’ve never seen. Now, I
know “Leo,” but have not emailed him for years and I don’t see him in my current
email address book although I may be in his address book. The spam is one of
those that contains a clickable link and nothing else. Of course, I did not
click on it.
In this excerpt from Answercast #50, I look at the sophisticated strategies
spammers use to send their malicious emails. Bottom line is to recognize it and
not click on the link.
Spam from friends
Now… the original question goes on quite long – but the bottom line for a
scenario like this (the telltale sign for me) is that:
- The email contained only a clickable link.
- The email account that it came from was hacked.
Now, what email account did it come from? Well, that’s really hard to say.
Since this is someone you know, the display name that was used was someone you
know. My guess is someone you know (perhaps, “Leo,”) had his email account
hacked.
Email spammers
Now, why then are you seeing email addresses that you don’t know?
My belief is that account hackers and spammers are getting more
sophisticated. What their intent is… what they’re trying to do when they
attack these accounts, when they hack into them and use their contact lists to
send email, is:
- They’re trying to use names that are familiar to you;
- Names that will cause you, as the recipient of this spam, to maybe think
  it’s legitimate;
- To open it up and maybe click this link because it’s from a name you
  recognize.
Now normally, they’ll do this by using the actual email address of the person
in addition to their name. Why they’re mixing it up, I’m not sure. Clearly, it
feels like they’ve set up some database that says:
- You know or recognize these names (in other words, you’re in this person’s
  email address book);
- Let’s send you email.
- OK, now let’s send you email at least with a display name that you’ll
  recognize.
Why they’re using other email addresses in association with that display
name, I honestly can’t say. It doesn’t really make a whole lot of sense, but
these are spammers. These are scammers and they are trying to get you to do
things that ultimately you don’t want to do.
Friends email hacked
So, the bottom line here is that fundamentally I believe that your friend,
“Leo,” (pseudonym of course) had his email account hacked at some point. As
part of that, your email address became known to the spammers. They are now
sending you “run of the mill spam from hacked accounts” that are trying to get
you to click on that link – and do things that you don’t want to do.
So, bottom line is, yeah, this happens. This kind of weird mix-up of name and
email address happens. It’s almost always a sign of spam. You should almost
always just mark it as spam in your email program or email service and move
on.
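The two telltale signs described above (a familiar display name on an address you don't know, and a body that is nothing but a link) can be checked mechanically. This Python example is added here and is not part of the original article; the address book, the sample messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses you actually know for that contact.
ADDRESS_BOOK = {"leo": {"leo@example.com"}}
URL_RE = re.compile(r"https?://\S+", re.I)

def body_text(msg):
    """Return the first text/plain part (or the whole payload) as a string."""
    part = msg
    if msg.is_multipart():
        part = next((p for p in msg.walk() if p.get_content_type() == "text/plain"), None)
        if part is None:
            return ""
    payload = part.get_payload(decode=True) or b""
    return payload.decode(part.get_content_charset() or "utf-8", "replace")

def telltale_signs(raw, address_book=ADDRESS_BOOK):
    """List which of the article's telltale signs appear in a raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    known = address_book.get(name.strip().lower())
    signs = []
    if known is not None and addr.lower() not in known:
        signs.append("familiar display name, unfamiliar address")
    text = body_text(msg).strip()
    if URL_RE.search(text) and not URL_RE.sub("", text).strip():
        signs.append("body is only a link")
    return signs

# Constructed sample messages.
SPAM = """From: Leo <someone.else@mail.example.net>
To: me@example.org
Subject: hi

http://link.example.invalid/abc
"""
GENUINE = """From: Leo <leo@example.com>
To: me@example.org
Subject: lunch?

Are you free Thursday? Menu: http://cafe.example.org/menu
"""

if __name__ == "__main__":
    print(telltale_signs(SPAM))
    print(telltale_signs(GENUINE))
```

A link-only message from the friend's real address still trips the second check, which is the hacked-account case the article describes.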
Leo, the best and only way to actually not get spam sent is to know who and where you let your email address go to – here is an example below
let's say I sign up here to you (lol)
my email address will now be called
ask-leo.com@mydomainname.com
this way if I start getting emails back then I know your accounts/database has been hacked and this email address can be registered as a spam account
make it an alias account that can be forwarded on anywhere
I have set up many for just this and of late I have had some come from LinkedIn, of which I don't have a LinkedIn account whatsoever
then as soon as I see the header via MailWasher Pro – I can delete and blacklist them well before anything is downloaded
works well for me
icemanx, unfortunately not everybody is able to set a different mailbox for each service they use for various reasons. At the end of the day, there is not a single way to stop SPAM and I am doubtful that there will be any time soon; so people have just got to learn how to discriminate between legitimate emails and SPAM – I can't see that there are any two ways about it.
But as for the display name. Unfortunately, it is so easy to specify any display name in the email header. Different email clients display that name in different ways and in some it is easy to see the real sender's address, but in others you can very easily be fooled. There is no protection system to stop people using any display name so again, it comes down to learning the telltale signs of spoof emails and you should also check the actual sender’s address; not the “Reply-To” address and the display name as these could both contain completely legitimate but fake addresses!
The reason the spammers did not come from the friend’s real email address is probably that they do not control it.
The spammers know the target’s email address and that a person with the friend’s name is a friend of theirs. How did they know this without accessing the friend’s email account? Social media is one place. Contact list apps on phones are another.
I have a filter set up in Thunderbird that says if the sender’s email address is not in my address book, then mark it as spam.
Thunderbird is set to delete spam after xx days, so every xx days I have to scan the spam for false-positives.
This would help with the original problem, but doesn’t do much when your friend’s email account has been hacked. But then, what can you really do in that scenario?