What is being hacked here?

We’ve been getting some phishing emails, purportedly from people we know, and I’m trying to determine where the problem might be. But here’s the glitch: one came from a friend of my wife’s, who is not in our email address book, nor on my wife’s Facebook page. Another is from a niece of mine who is also not in our email address book, but who IS on MY Facebook page. I don’t correspond with this niece (other than once, quite some time ago), so I wouldn’t think that there is an email history cache for her. My wife’s friend probably has our email address in her contacts list. So where is the hack taking place? If it’s not my account, then I suppose both of their accounts could be compromised.

Running Outlook on Windows 7, if that makes any difference, and have IObit virus program plus the Windows security. I’m also using a router, which I think provides an additional firewall.

Just like with paper mail, you can send email “from” someone you’re not. It’s possible none of you are compromised. Run Malwarebytes and change your passwords just in case.

None of you are “hacked”.

Malwarebytes shows no problems. This is something recent and there are four people from three different locations as return addressees. Seems odd, is all.

Have you got a Yahoo mail account? I’ve started suddenly getting spam messages supposedly from me or my contacts - I think my Yahoo mail account got hacked somehow.

Sounds like I’m having the same problem as you (my thread is here)

FWIW, when the whole Playstation Network hack happened, a short while later I found that someone was sending spam from my Live/Hotmail account (which had the same username and password :smack: ) Luckily I only had a handful of contacts so the damage was minimal.

Yahoo Mail has recently suffered repeated XSS exploits - in short, some users are clicking on those links, and the links trick Yahoo into sending more spam to those users’ contacts. There’s a recent article here that suggests Yahoo is having trouble dealing with it.

I do. It’s only for the FB account (my wife has her FB on our primary email account) and there’s no address book. I guess this will remain a mystery for the time being.

It’s not weird that someone you know has your email addresses in a contact list, even if you do not have theirs.

Or even if you’ve never sent email to them or received email from them, you may have been part of a shared giganta-CC (carbon copy) list and that list is now in the hands of a spammer.