Help me understand this phenomenon. Good guesses are welcome.
In 2014, I started getting fraudulently addressed emails sent to my account.
I don’t mean merely that they had forged “From” headers; that’s nothing new. What made these different was that the attributed full names were people I knew and with whom I had exchanged email messages in the past. But the email addresses themselves were not their email addresses.
Example: suppose I’d been sending and receiving emails with my friend Joe Blow for eons, and that Joe Blow’s email address is joe.blow@his.isp.com; in 2014 I started getting emails that showed up as coming from Joe Blow <bullshit@spamalot.com>.
MY THINKING:
• Isn’t a virus on my machine. TLDR on that is in the spoiler below.
It doesn’t seem terribly likely that this is due to malware on my computer snagging names from my address book. I’m on a Mac. I’m not saying Mac viruses aren’t possible, but if your inclination is to say “you’ve got a virus, dude”, I want to see some links to authoritative web pages stating that there are MacOS viruses in the wild that can infect your computer and behave this way. MacOS-centric message board opinion is that as of yet there still aren’t any, just a few proof-of-concept exploits and some trojans that you have to launch and provide a password for in order to install. In the latter category — trojans I might have been spoofed into installing — I’m not aware of any that behave in this specific way, harvesting email full names and using them to send spam back to the person. Let’s see, what else? Well, I still use Eudora. The old version, Eudora 6, not the Thunderbird skin that got labeled Eudora 8. It’s now considered pretty ancient and doesn’t seem a likely target for malware designed to harvest email information.
• Although I’m not quick to conclude that my ISP got their site hacked, it’s a possibility. I don’t maintain a web-based address book, and I use POP email; my emails are deleted from the POP server after fetching them. That still leaves the possibility that a) my ISP’s records of sent and received emails were hacked and that b) they obtained the list of full names in conjunction with my email address from that list.
• It seems even less likely that either one of my friends or the ISP of one of my friends got hacked. The real email addresses of all these different spoofed friends are quite different from each other — some yahoo mail, some aol, some gmail.
ADDL INFO
• Some subject lines they’ve used: “Re: Hello” / “Fwd: news” / “Fwd: For AHunter3” / “news for AHunter3” / “Ahunter3 estimate this” / “From {sender name}” / “Fwd:”
• No attachments.
• They all have links, some of which appear to go to healthspam sites, some of which go to education-institution sites, some of which go to video-on-demand viewing sites… or so I gather from the URLs. (I didn’t go there)
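The pattern described in the post (the display name of a known correspondent paired with an unrelated address) is what mail-filtering people call display-name spoofing, and it is cheap to flag mechanically: parse the From: header, look the display name up in your own address book, and check whether the address is one you have actually exchanged mail with under that name. The script below is an added example written for this page, not code from the original poster or from any mail client; the contact list and the sample From: lines are constructed for illustration, and the whitespace/case folding and RFC 2047 decoding handle the usual tricks for making “Joe Blow” look slightly different from the one on file.

```python
"""Flag display-name spoofing: a From: header whose display name matches a
known correspondent but whose address is not one we have on file for them.

Added example, not part of the original post. KNOWN_CONTACTS and
SAMPLE_FROM_HEADERS are constructed for illustration.
"""
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed address book: display name -> addresses actually used by that
# person in mail we have exchanged with them.
KNOWN_CONTACTS = {
    "Joe Blow": {"joe.blow@his.isp.com"},
    "Jane Roe": {"jane@example.net", "jroe@example.org"},
}


def _norm_name(name: str) -> str:
    """Normalise a display name for comparison: decode RFC 2047 encoded
    words, fold Unicode compatibility forms, collapse whitespace, casefold."""
    decoded = str(make_header(decode_header(name)))
    decoded = unicodedata.normalize("NFKC", decoded)
    return " ".join(decoded.split()).casefold()


def _norm_addr(addr: str) -> str:
    """Addresses are compared case-insensitively and without stray spaces."""
    return addr.strip().casefold()


def classify_from(from_header: str, contacts=KNOWN_CONTACTS) -> str:
    """Classify one From: header value. Returns one of:
      'known'   - display name and address both match a contact on file
      'spoofed' - display name matches a contact, address does not
      'unknown' - display name is not in the address book
      'noname'  - header carries no display name at all
    """
    name, addr = parseaddr(from_header)
    if not name:
        return "noname"
    wanted = _norm_name(name)
    for known_name, known_addrs in contacts.items():
        if _norm_name(known_name) != wanted:
            continue
        if _norm_addr(addr) in {_norm_addr(a) for a in known_addrs}:
            return "known"
        return "spoofed"
    return "unknown"


def triage(headers):
    """Group a list of From: header values by verdict: {verdict: [header, ...]}."""
    out = {}
    for h in headers:
        out.setdefault(classify_from(h), []).append(h)
    return out


# Constructed sample From: lines mirroring the pattern described in the post.
SAMPLE_FROM_HEADERS = [
    "Joe Blow <joe.blow@his.isp.com>",           # genuine
    "Joe Blow <bullshit@spamalot.com>",           # display-name spoof
    '"JOE   BLOW" <other@spamalot.com>',          # same name, odd case/spacing
    "=?utf-8?q?Jane_Roe?= <spam@spamalot.com>",   # RFC 2047 encoded display name
    "Jane Roe <jroe@example.org>",                # genuine secondary address
    "Newsletter <news@example.com>",              # not a known correspondent
    "bare@spamalot.com",                          # no display name at all
]

if __name__ == "__main__":
    for verdict, items in triage(SAMPLE_FROM_HEADERS).items():
        print(verdict)
        for h in items:
            print("   ", h)
```

The check is deliberately keyed on the display name rather than the address, because the display name is the only part the spammer needs to get right for the message to look familiar in a mail client’s list view; anything that hits `spoofed` is worth treating as hostile regardless of how innocuous the subject line looks.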