I am really worried about this. it seems someone is sending out spam using my email address.
I changed my email address and checked all my firewalls. I do not know how this could have happened.
They sent out a message using my email address to everyone I know saying that I bought a mobile phone and referring them to www.yorist. Any advice?
If it’s just your name, you’ve been Joe-jobbed. Either the spammers have guessed your email address randomly, stolen it from somewhere, or you’ve accidentally given it to them. If it’s your server that’s been hacked, that’s quite a different kettle of fish.
Not just my name. My email address.
Not joe-jobbing. They used my address book and I have many returned email emails because my address book is out of date
backscattering? But this shows I sent these messages on my sent email.
send a message to everyone on your address that it’s a scam and to ignore it.
If they’re sending it to people in your address book like that, then they obviously have access to your address book. If the address book is on your computer (in Outlook or Thunderbird, for example), then that means they’ve got access to your computer. If it’s a web-based address book (Hotmail or Google Mail), then they’ve got access to your account.
In either case, you should scan your computer for malware and change your online passwords.
It is possible that you weren’t hacked, but one of your recipients has been. Consider that Alice and Bob are friends, and communicate regularly through email. Bob gets hacked and his contact list is stolen, or an email with a joke that was forwarded 20 times gets harvested and the spammers use Alice’s email address as the sender of the email.
It is quite possible that Alice and Bob have many email addresses in common in their contact lists. Say, for example, that Alice and Bob have a mutual friend, Charlie, who has changed his email address, and neither Alice nor Bob have updated their contact lists. Thus, even though it is Bob’s contact list that is being spammed with Alice’s email address as the sender, Alice would still receive the rejection notice for the email sent to Charlie at the incorrect address.
Alice can try to determine if her contact list is actively being used as a list for spammers by creating a bogus contact, and then seeing if she gets a rejection notice for that person. Since that bogus email address is not in Bob’s list, if she gets a rejection notice for that address, then it is clear it is her account that has been hacked.
No hacking is required to send email that appears to be from you. Email headers are not secure and anyone can send messages with an arbitrary From address. What most likely happened is that someone with your email address in their address book got some spyware that copied off the addresses in it and that list is being used for spamming, with people placed into the From field to make the messages appear as if they’re from a trusted source.
In any case, you should check your system for spyware and change your e-mail passwords as a precaution, but if your machine was not compromised to begin with you will still receive the bounceback messages.
To clarify: When you go to your Sent box, you have copies of these emails?
Since this process is most likely automated through a malware script installed either locally on your computer or on your server, a comprehensive scan of your computer to root out the malware and a change of passwords on your online accounts should be all that’s required.
Keep in mind that if they have hacked your webmail address, all your account information as well as your received e-mails may have been spidered. Normally this does not pose a threat, since the spider does not know what it’s sitting on and just seeks to self-propogate, but all your online accounts for which you have received confirmation e-mails may have been compromised. To be safe you should change logins and passwords for any and all sensitive accounts, starting with your e-mail.