Source of spam emails

For a couple of months, I’ve been getting spam emails that show every indication of having been sent by someone I know - name, email and headers are all correct, and there are no signs of spoofing or spam-bombing. They are correctly addressed to one of my email addresses and include my name. Every one consists of a short web link in the body with a subject line of “Re:”.

What is the likely source of these spam? I don’t have any third-party email accounts except for a seldom-used Comcast account, and a GMail account that has no contact information embedded in the profile. All else are domain-name hosts. I can’t figure out where my contact list would have leaked or become accessible.

Their account was hijacked and spam was sent to everyone in their address book.

Their account information was probably obtained from a hacked Web site where the victim used the same username and password as their email account, or the same password as the email account and the email address was associated with the Web site.

Happens all the time. I get about 1 a month from various friends.

Contact your friend(s) and tell them to change their email password to something extremely unique.

+1 to above. My wife’s account got hacked last week and everyone in the address book got an email.

If I were a hacker, the first thing I would do is read the email to identify what other services the person uses (Paypal, Facebook, etc) and then try to use the hacked password to log in to those sites as well.