Periodically, I will get an e-mail from someone that only contains a link. I once clicked on it and saw that it was an ad. I learned my lesson, I hope, and trust that I didn’t inadvertently forward access to my own e-mail list. And always, I notice, there are other recipients listed, obviously from the sender’s e-mail list. I understand that something, someplace, has been compromised, but how? where? And if someone apprises me that I have “sent” them such e-mail, how did it happen and how do I stop it?
If an email is sent and it looks like it came from you and it really didn’t, the most likely case is that the compromise occurred on a computer that has your email address on it somewhere, such as the address book for the email client of someone you know. Another possibility is that someone broke into a webmail account of someone who has your email address. ETA: Then the culprit sends spoofed emails (with ads, viruses, whatever) using the harvested email addresses as the “from” addresses.
If that happens, there is nothing you can directly do about it. The email standards used today were developed before there was much concern about security, spoofing, and viruses, and allow the sender to identify themselves however they want. There is no check that the email is really coming from who it claims to be.
I’m talking about e-mails that come from someone else. I am aware that if I get an e-mail that appears to have come from me, and I know I didn’t send it, that something is amiss. But if I get mail from someone that is addressed to me, then that person’s computer has access to my e-address. So do I, therefore, have a problem, too? Will my e-mail address then be used to send phony e-mails to others? If I discover that my e-mail is sending out these phony messages to others, can I run some anti-virus software and stop it?
I have access to your email address. Anyone has access to your email address. Just like anyone can randomly type in a phone number on a phone keypad and they could have your phone number. Your email address is not a secret nor is it some sort of portal to your computer.
If you get an email from someone you know and the content of the email is simply a link, or a few lines of text with an obvious spam link, the issue is on their end. 99% of the time the case is that they use Web-based email (Gmail, Hotmail, Yahoo, etc) and their email account was compromised - someone got their password - and it was used to send spam. The spam was sent to everyone in their address book, which is better than just random spamming (“better” for the spammer) because you are much more likely to open and click on email from someone you know.
The person who owns the sending account needs to log in to the account and change their password.
Usually this breech happens when the person uses their email address and/or email username as a login on a Web site and the same password as their email. The Web site’s user data is hacked in to and now hackers have a list of usernames and passwords. They then can go to all of the popular web mail outlets (Gmail, Hotmail, Yahoo) and try all of the usernames and passwords they have. They will get a lot of hits.
I get emails like this about 4 times a year. I talk to the sender and explain what happened and get them to change their password to something completely unique. The problem never repeats.
I do have 2 friends that no longer use the email accounts that are sending out spam so I get a couple emails from those accounts per year. I know to ignore them.
Anyway, you don’t need to do anything. You can tell your friend to change their password, though.
Short and real answer: it’s them. Their email has been hijacked. You could kindly reply and inform them. I’ve had it happen to me. They have to clean their computer. ccleaner is a good one.
This just happened to me - again - with yahoo mail. Luckily a friend let me know, although I would have found out quickly enough because I have my other email addresses as contacts in yahoo, so I changed my password and sent out apology emails to every contact. I just did it as one or two mass emails using bcc which I usually do if I’m sending to more than a couple people.
I was surprised that quite a few people sent back emails saying they hadn’t gotten any spam. My hotmail did, my gmail didn’t.
What was strange was that today, three days later, the iPad wouldn’t let me on my yahoo mail until I changed the password again, telling me the account was compromised. I could get on through yahoo on safari, but not through the iPad mail program.
But yeah, somehow, somewhere, it was I.
Why don’t they change the password, not letting you recover the account? I don’t think they’re being nice.