Ask Kurt: How is it possible that your friends are getting spam email from you?

Sometimes your friends and family will receive spam from your email. Kurt "CyberGuy" Knutsson explains what is going on and how to keep your information safe.

Do you ever wonder how spammers can send you emails that look like they are coming from your own account or someone you know? You might think that your email is hacked or that your friend’s account is compromised.

The truth is, these types of deceptive emails aren't really coming from those addresses. They're just pretending to be them. This is called "spoofing," and it is an effective phishing technique used by scammers to trick you into opening their messages, clicking on harmful links and giving away your personal information.

Take these two instances from Linda and James, who both experienced this spoofing scam firsthand and are sharing how the attempted attacks unfold.

"I have been receiving spam, like everyone else, but what I've noticed is the spam is coming from and to my email address. I suspected it was coming from my server, but there's no trace of the emails in the sent logs. How is this possible?" – Linda, Barnegat, New Jersey

"I have been receiving spam emails from a friend of mine. It has their email address in the from field. My friend told me they never sent this. How are spammers able to send emails from other accounts?" – James, Tampa, Florida

Great questions. It starts with a scammer faking an email address to make it look like it's coming from someone else. It is a simple and dangerous way for scammers to deceive you.

They can get your email address or your friend's email addresses from data breaches, websites, social media or public directories. Then they can use them to send you phishing emails that seem legit.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

MORE: DON’T FALL FOR THAT DECEPTIVE EMAIL ASKING FOR YOUR HELP

When an email comes from your own address, it is likely to avoid being labeled as spam. Instead, the message will typically go straight to the priority inbox since your account thinks it's from you. This makes you much more likely to view the email.

The scammer also will use your own address to convince you that they have access to your accounts. Many times, the goal of these emails is to attempt to steal your sensitive information or take your money. The reasoning is similar for why they may use a friend's email. You are more likely to click on a link from a friend rather than from a stranger.

IS ALEXA SECRETLY LISTENING TO YOUR PRIVATE CONVERSATIONS?

The scammer may threaten you, claiming to expose your personal information. And when you see they sent the message from your own email address, you may believe that they do have access to your email account.

Sometimes, the scammer may also show a phone number or password of yours to scare you further. In reality, they do not have access but have purchased this information from a data leak or dug your private info from nefarious crevices on the dark web. It is an attempt to trick you into paying ransom for information the scammer does not actually have.

MORE: HOW TO TELL IF YOUR PHONE HAS BEEN HACKED

MORE: DON’T FALL FOR THIS LATEST ANTIVIRUS PROTECTION SCAM

If an email looks a bit off, you should always play it safe and not click on it. You can also check the sender’s address, the subject line, the spelling and grammar, the attachments and the links for anything suspicious.

Ask the friend who supposedly sent the message about it. If they don’t remember sending it, then it is likely their account was spoofed or possibly hacked.

GET SECURITY ALERTS WITH THE FREE CYBERGUY NEWSLETTER - CLICK HERE

If you find signs of spoofing on your account, you should first check your "sent" folder. If you see suspicious emails in the folder that you know you haven’t sent, it most likely means your account was hacked. You should change your password immediately and report the incident to your email service provider.

You should also check your account settings for any unauthorized changes. If you see nothing, it is most likely just spoofing. Even though it may feel like your account is exposed, in reality, it is not. Remember to stay vigilant, though, and never to click on suspicious links.

HOW TO AVOID BEING A VICTIM OF THIS SNEAKY FACEBOOK MARKETPLACE SCAM

If you receive a spoofing email, do not click on any of the links, attachments or images within the message as it could expose you to a phishing scam. These links, attachments or images may contain malware that can infect your device or direct you to a phony website that looks exactly like the real one but is designed to steal your personal information.

Keeping hackers out of your devices can often be prevented when you have good antivirus protection installed on all your devices. Having antivirus software on your devices will help make sure you are stopped from clicking on any known malicious links, attachments or images that may install malware on your devices, allowing hackers to gain access to your personal information.

ARE YOU PROTECTED? SEE THE 2023 BEST ANTIVIRUS PROTECTION WINNERS

MORE: MASSIVE CYBERATTACK STRIKES MILLIONS: ARE YOU AT RISK?

Always make sure your passwords are strong and complex. You should also change them regularly to be even safer. Consider using a password manager to generate and store complex passwords.

Creating alias email addresses can help prevent spoofing by making it harder for spammers to guess your real email address and impersonate you. Creating various email aliases allows you not to worry about all your info getting taken in a data breach. An email alias address is also a great way for you to stop receiving constant spam mail by simply deleting the email alias address.

To find out more about upgrading the security of your email, click here.

One way to try and proactively stop scammers is to check if your information was sold on the dark web. If you get spoofed, it is likely one of your addresses and maybe other information was part of a data breach and purchased by a scammer.

To check if your personal information was sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website searches to see what data of yours is out there and displays if there were data breaches associated with your email address on various sites. You may have even received an email from the website already, saying that some of your data was stolen and that you should look into this immediately, if that is the case.

8 WAYS TO KEEP SOMEONE YOU KNOW WHO LIVES ALONE PROTECTED

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

See my tips and best picks for removing yourself from the internet here.

10 TELLTALE SIGNS THAT SOMEONE HAS STOLEN YOUR IDENTITY

Email spoofing is just the wave of phishing scams meant to trick you into giving scammers your personal information so that they can steal your data and your money. These scammers are masters of disguise, yet you can outsmart them by carefully examining suspicious emails, verifying with your friends any emails you receive from them, and taking steps to protect your online presence. By being proactive, you can keep your inbox safe from the clutches of these deceptive crooks.

Have you ever encountered a situation where your email address was spoofed? What did you do? What was the outcome? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Copyright 2023 CyberGuy.com. All rights reserved.

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.