If you are getting spam from your friends, or your friends are getting spam from you – or you are getting spam from yourself – or at least it seems that way – you may be wondering how the spam appears to be coming from you or your friends. A likely reason is that the address book of someone you know was compromised. Here’s one way to tell, and how the spammers do it.
First, it should be very easy to tell that spam that appears to have come from a friend or acquaintance isn’t really from them, because usually it’s blatant spam. The reason to have it appear that it comes from a friend is two-fold: first, to help get past your spam filters, and second, to encourage you to open the spam. The spammer may be hoping that once you see what’s inside, you’ll click on it, or they may be getting paid by the number of people who open the spam – or the spam may contain malware.
First of all, the email address is not actually that of your friend.
So how did the spammer get your friend’s name, to spoof that it was from them?
Often it is the case that the spammer has acquired your friend’s email address book, or the email address book of someone with whom you share a mutual friend. This is what happened in our example.
Then the spammer spams everyone in the address book, using someone else in the address book as the sending “from:” name. Or, the spammer spams everyone in the address book, using the same “from:” name as the “to:” address – this is one way that you can get spam that appears to come from yourself.
Second of all:
But the key to how it happened is here:
That little drop-down displays the full cc: list. Now, these screenshots are from Gmail, but any email program will show you to whom the spam was cc:ed.
Now, as it happens, we recognized several mutual friends in this cc: list, as well as some email addresses that were clearly those of commercial businesses. That almost certainly meant that one of our friends’ address books had been compromised. And it took only a little sleuthing to figure out which of those friends had done business with the commercial businesses, which gave us nearly 100% confidence as to which of our friends’ email accounts had been compromised, and the address book scraped.
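The same sleuthing can be done on the raw message. The following is an added example, not part of the original article: it checks whether the "from:" name belongs to a known contact while the address does not, then ranks friends by how much of the to:/cc: list appears in their address book. The sample message, the `KNOWN` table and the `CONTACTS_OF` address books are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message; every address is a placeholder.
RAW = """\
From: "Alice Friend" <x9k2@bulk-sender.example>
To: me@example.com
Cc: bob@example.com, carol@example.org, sales@flowershop.example, info@bikestore.example
Subject: hi

http://short.example/abc
"""

# Assumed inputs: the real address of each contact, and what you know
# about whom each friend corresponds with (their likely address book).
KNOWN = {"alice friend": "alice@example.com"}
CONTACTS_OF = {
    "alice@example.com": {"me@example.com", "bob@example.com", "sales@flowershop.example"},
    "dave@example.com": {"me@example.com", "alice@example.com", "bob@example.com",
                         "carol@example.org", "sales@flowershop.example",
                         "info@bikestore.example"},
}

def spoofed_sender(msg):
    """True when the From: name is a known contact but the address is not theirs."""
    name, addr = parseaddr(msg.get("From", ""))
    real = KNOWN.get(name.strip().lower())
    return real is not None and addr.lower() != real

def recipients(msg):
    """All To: and Cc: addresses, lower-cased."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _, addr in pairs if addr}

def rank_address_books(msg):
    """Rank friends by the share of the spam's recipients found in their contacts."""
    rcpts = recipients(msg)
    if not rcpts:  # nothing visible to correlate (e.g. all recipients were bcc:ed)
        return []
    scores = {owner: len(rcpts & book) / len(rcpts) for owner, book in CONTACTS_OF.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def analyze(raw):
    """Return (display name spoofed?, ranked candidate address books)."""
    msg = message_from_string(raw)
    return spoofed_sender(msg), rank_address_books(msg)

if __name__ == "__main__":
    print(analyze(RAW))
```

A friend whose contacts cover the whole recipient list, including the commercial addresses, is the most likely source of the scraped address book.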
In this particular case, it was a Gmail account that was hacked. This is not surprising: Gmail is a regular target for hackers, because spammers and other cybercriminals love to get into Gmail accounts – after all, it gives them access to all kinds of Google goodies along with the email. And this is why you should set up 2-step verification for Gmail (as well as setting up 2-step verification everywhere else that you can).
In fact, it was disclosed in September that at least 5 million Gmail addresses and passwords were leaked on the Internet. But really no email service – especially the free email services, such as Gmail, Yahoo, Hotmail, AOL, etc. – is safe from attack.
The next time you get spam that seems to come from a friend, see if you can’t do a little sleuthing yourself, and see if you can figure out which friend’s email account and address book were compromised, and then let them know.