Edward McCrea is “getting returns of emails I didn’t send… How do I prevent this?”
What’s worse than getting spam? Unwittingly sending it. When bogus and probably malware-laden advertising goes out in your name, you look bad. And you get flooded with bounced messages from dead addresses that some crook attempted to spam in your name.
The good news: You’re not sending out spam. Neither is your computer or your IP address. But the bad news can still be pretty bad.
[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to firstname.lastname@example.org.]
If spam is going out from your email address, the address has been either spoofed or hijacked. Either way, the spam isn’t going out from your computer, and probably not from the criminal’s computer, either. It’s probably going out from an unknowing victim’s malware-infected PC.
Spoofing an email address is, in a sense, forging it. The criminal sends out mail with your From address, even though they have no access to your account.
There’s really no solution to spoofing. Fortunately, for their own reasons, cybercrooks tend to change spoofed addresses frequently. The annoyance will disappear soon.
Hijacking is worse. In this case, the criminal takes control of your account. They can read your mail, and they can target people you know when they spam. And they can lock you out of your own account.
Fortunately, you can do something about hijacking.
As soon as you discover that your address is spamming people, try to change your password…immediately. If you succeed, you’ve fixed the problem.
But if your mail service rejects your password, the problem is serious. The hijacker has changed the password first and now controls your account.
If you’re still connected and can receive mail, try to log in on another computer or using your browser’s private mode. When the login fails, try the service’s “Forgot your password” or “Need help” link. The service will email you a new password. Hopefully, you’ll get it before the bad guy.
If that fails, you’ll have to contact the mail service and discuss the problem. Here are the links for Gmail and Microsoft’s Outlook. If you’re using another service, you’ll have to find the right address yourself.
Have you been using the same password for other services? If so, change those passwords as soon as possible.
Once you’ve got everything under control, email apologies to everyone who received, or might have received, spam apparently coming from you.
Finally, follow these steps to make sure this doesn’t happen again:
- Use strong, long passwords that people can’t guess.
- Use different passwords for different services, and keep track of them with a password manager.
- Set up 2-step verification for your service. You should find instructions on the service’s setup or options screen.
- Never email your password to anyone, and I mean anyone.
Shortly after I wrote this article, my daughter's Gmail account was hacked, and everyone she knew received messages telling them to "Click on the document below and log in with your email and password to view it." I gave her the Gmail URL above, and within a few minutes she had her account back.