Spam from my account
August 14, 2014 7:51 AM

So, friends are receiving emails that appear to be from me. They are not from me. As far as I can tell, my accounts or machine have not been compromised. What now?

The emails have my name in the "from", my return address, and all are in the same format as my gmail. They look legitimate. They look like:
Good afternoon Joe Jones

http://somerandomserver.uk/bear.php?ryrqpu2563kxgpss

bob smith
..where "Joe Jones" is my friend's name, and "bob smith" is my name. I've had 2 examples of this email forwarded to me ("You hacked, bro?") and each has had a different greeting (Salutations, and Good Afternoon), and pointed to a different server url and pagename.php.

The end destination is another fairly random url, with a shitty diet website ("THE DOCTORS")

My Google account activity shows no unusual logins. I am pretty good about keeping different, complex passwords for all accounts, and at any rate, I've changed my Gmail password.

I do not have a home PC. My work PC is pretty heavily protected via a few layers of firewall, and a pretty ferocious security team. Certainly, anything is possible, but if this machine was sick and sending off messages I really think they'd know. I'll re-image this machine if I have to, but it would be a hassle I'd like to avoid.

I have an iPad and an iPhone. Could I (or my wife/kids) accidentally said yes to something on an app that could result in this?

What else is there? What am I not thinking of?
posted by dirtdirt to Computers & Internet (6 answers total) 2 users marked this as a favorite
1) Compromise address book
2) Select two random addresses in that address book
3) Send an email from one and to the other

Just saying it doesn't have to be you, or your friend. It might be someone who has both of you in his/her address book. "Address book" could be on a mobile phone, social media, something that's been given permission via oauth, webmail, compromised desktop machine... sorry, there's a lot of attack surface here, as email addresses are semi-public information.

Maybe the source of the email might give you a hint (it's in the headers).
posted by Leon at 7:55 AM on August 14, 2014


Sounds like you're getting Joe Jobbed. It's a thing that happens when spammers fake their From: address, and you might not have ever done anything wrong but have an email online that was scrapped by a spammer somewhere.
posted by mathowie at 7:56 AM on August 14, 2014


I think you'd need to include the complete headers for anyone to be able to say that it's the account that's compromised instead of simple From: spoofing.

If you don't have two-factor auth turned on on your Gmail, your account could be compromised, especially if you've used the Gmail password along with your address as logins on other sites whose databases have leaked.
posted by tomierna at 7:57 AM on August 14, 2014


you can also see where/how you've logged into gmail recently via the scroll down and bottom right "details" link under "last account activity". Check to see if you've logged in from anywhere strange.
posted by k5.user at 8:14 AM on August 14, 2014


What mathowie said. If anyone has ever received an email from you at any time, your address is saved on their computer/phone somehow and can be swiped by a spammer.
posted by Melismata at 8:16 AM on August 14, 2014


Thirding the Joe Job. Happens all the time. And there's not a damn thing you can do, except tell people to ignore it.

Note that you can tell real vs fake emails apart by looking at the headers. A proper email will show a trail for the email leaving the sender's computer, going through their ISP's servers, going through your ISP's servers, and finally arriving at you. A faked email will have weird things going on in the beginning of that sequence.

If you don't know how to view headers, google for "view headers [your email program name]".
posted by intermod at 10:27 AM on August 14, 2014


« Older What safety issues should I worry about with a...   |   Please recommend a good windshield or dashboard... Newer »
This thread is closed to new comments.