Article (PSA-0015)
Submitted by: Rebekah Long, Technician
Company: PSA Computer Services
Titled: You’ve Got Spam
Original release date: June 10, 2021
Getting spam is a hassle. No argument there, but what’s even worse than that?
Unknowingly sending it.
When fake, unverified, and potentially virus ridden emails go out with your email address, it can look bad. And not only do you look bad, but you also have to deal with the emails that bounce back due to dead addresses.
There’s one reassurance in all of this, your computer is not actually sending out spam, and your computer and IP address are still safe. Unfortunately, there is still some bad news.
If spam is being sent from your email address, your address has either been “spoofed” or “hijacked.” Either way the spam isn’t coming from your computer, and probably not from the bad actors computer either. It’s most likely being sent from someone’s “Malware-Infected” computer – and they probably don’t even know they’ve been hacked!
Spoofing an address is when someone sends email with your email address as the sender, even though they don’t actually have access to your email account.
Unfortunately, as of now, there is no way to prevent spoofing. Additionally, there is no way to know for sure who sent the spoofed emails and no way to stop it from happening.
Fortunately, these bad actors tend to change the email address’s they spoof often, and they will move on from your email address eventually. Your email service provider may administratively block your email address for a period of time when they notice the large amount of email being sent from your email account. If this happens, you will need to contact them to “unblock” your email address.
Hijacking can be much more devastating. In the case of a hijacking the criminal takes control of your email account. This includes them having the ability to read your email, and contacts list. They can then use this information to specifically target people in your contacts. A hijacker can also lock you out of your own email account by changing your password.
Thankfully, unlike spoofing, something can be done about hijacking.
If you can still receive email, try logging into your email account on another computer or by using your internet browser’s private mode. When the login fails, try the services “Forgot your password?” or “Need help?” link. The service will email you a password reset link. You will need to act fast and get the password reset email before the bad actor.
If that fails you’ll have to contact your email service provider and explain the problem. If you have access to the internet, then perform an internet search similar to “I can’t sign into my Gmail account” or “I can’t sign into my Outlook account” or the name of whatever email service you use. This should get you to a support page for your email service provider.
If you’ve been using the same password for other services – you should change those passwords immediately to stop the hacker from moving onto other services you use.
Once you have your email account back under control, don’t forget to email apologies to everyone who received spam from your email address.
Here are four things you can do to help prevent your accounts from being hacked in the future:
- Use passwords that are 9 characters or more. Utilize upper and lowercase letters, numbers and a special character or two (if allowed).
- Use different passwords for each different account (don’t be lazy, you’ll regret it later!)
- If the account offers multi-factor authentication, use it.
- Do not send passwords in emails …. ever!
If you’ve been hacked and need help give us a call.