You’ve Got Spam!
Article (PSA‑0015)
Receiving spam is annoying. Seeing that same spam being sent **with your own address** is even worse. When that happens, one of two things is going on:
- Spoofing – the attacker forges the From: field so the message looks like it came from you, even though they have no access to your account.
- Hijacking – the attacker has actually taken control of your email account, can read your messages, see your contacts, and send mail as you.
What Spoofing Looks Like (and What You Can’t Do About It)
- Messages appear in recipients’ inboxes with your address as the sender.
- The source IP is usually a compromised computer far away – not yours.
- There is currently no reliable way to **prevent** spoofing, nor to know who is doing it.
- Spoofers typically move on quickly; most providers will temporarily block the offending address if the volume spikes.
Hijacking Is Treatable – How to Recover Your Account
- Try to log in from a clean device (or use a browser’s private/incognito mode). If you can’t sign in, click the provider’s “Forgot password?” or “Need help?” link.
- **Reset the password immediately.** You must claim the password‑reset email before the attacker does.
- If the reset link has already been used or you can’t receive it, contact the email provider’s support team (e.g., Gmail, Outlook, Yahoo) and explain that your account has been compromised.
- After you regain access, review security settings:
  - Enable **multi‑factor authentication (MFA)** if it’s available.
  - Check for any forwarding rules, auto‑responders, or linked applications you didn’t create and delete them.
- **Change passwords on any other services where you reused the same credentials.** Attackers often try those next.
- Send a brief apology to anyone who received spam from your address, letting them know you’ve secured the account.
Prevent Future Compromise – Four Simple Steps
- Strong passwords: at least 9 characters, mixing upper‑ and lower‑case letters, numbers, and symbols.
- Unique passwords per account: use a password manager to keep track.
- Enable multi‑factor authentication (MFA): adds a second verification step (a code sent by text, an authenticator app, or a hardware key).
- Never send passwords by email: never include login credentials in any message.
Need a Hand?
If you suspect your email has been spoofed or hijacked and you need help getting it back under control, call PSA Computer Services at (707) 506‑6802. We’ll guide you through recovery and bolster your security.