Spoofed, hacked, or nothing to worry about?
February 11, 2015 7:37 PM   Subscribe

I've noticed periodic (every few months) messages/advertisements in my hotmail inbox. I then change my password. They appear to be from me (i.e., intrepid_simpleton@hotmail.com -- I use another name in hotmail.) I saw one this morning, and changed the password. This afternoon I had another one. Advice beyond changing the password (I use difficult passwords with capitals, punctuation, numerals, etc.)?
posted by intrepid_simpleton to Computers & Internet (9 answers total)
They aren't stealing your password, they're just spoofing your address. It's going to happen.
posted by Lyn Never at 7:44 PM on February 11, 2015 [5 favorites]

So this cannot harm me (or my computer?)
posted by intrepid_simpleton at 7:55 PM on February 11, 2015

Not unless you take action on the email. Email spoofing.
posted by xingcat at 8:03 PM on February 11, 2015

Making it look like you're sending email to yourself is a pretty common thing and doesn't mean anyone has access to your account. That's just garden variety spam email.

I don't use hotmail (it still exists? LOL) but if you've checked your password, the other two things to check are: 1- app permissions. Make sure you haven't given any sketchy websites or mobile apps access to your email account. 2- Usage history. If you're spotting IP addresses from places you haven't been to in combination with devices you have not used, then you would know someone has access to your account.
posted by AppleTurnover at 8:10 PM on February 11, 2015

Hotmail uses a system called SPF that allows Hotmail to say what servers are allowed to send email on behalf of an @hotmail.com user. Anyone can still pretend to send email from @hotmail.com, but the receiver can tell whether or not it's a spoof. Presumably Hotmail, when it receives an email claiming to come from itself, will check and reject email coming from an unauthorized server.

A weird thing about email is that a sender can say they are spammer@example.com on the 'envelope' and put intrepid_simpleton@hotmail.com on the email's 'From' line. SPF only detects when the address on the envelope is spoofed. However, putting the wrong email address on the 'From' line is a red flag for spam filters. Also, I don't know about Hotmail, but in Gmail when you get an email sent from one domain but with a different domain on 'From', it shows something like 'From: intrepid_simpleton@hotmail.com via example.com'.

A lot is up to the receiver on how to deal with these things, and I don't know much about Hotmail. But if the messages are showing up in your inbox, not spam, and there is no indication that the email came from anywhere besides intrepid_simpleton@hotmail.com, then there is a chance that the emails are not spoofed - meaning your account may be compromised. I don't want to be too alarming--email is complicated/crappy, and spoofing happens. But it is also possible that, say, malware on your computer is stealing your Hotmail login.
posted by domnit at 9:02 PM on February 11, 2015 [1 favorite]

It's called a "Joe Job". Some spammer harvests your email address from somewhere (often from address books exfiltrated via exploits), and then uses it on the assumption that contacts in that address book will recognize the sender and read the email. It sucks, but there's not a lot do about it.

The good news is that it's not evidence that someone has hacked in to your accout.
posted by dws at 11:02 PM on February 11, 2015

The big question: are the e-mails in your Sent items?

You need to check your account activity page.. If you see anything suspicious, you likely need to change all of these things:
1. Your account password
2. Your secret question and answer(s)
3. Your backup/recovery e-mail address.

If you see nothing suspicious, you can happily do nothing.
posted by devnull at 3:51 AM on February 12, 2015 [1 favorite]

Yeah, there's been a big wave of email address spoofing on our work email accounts lately - messages seemingly from oneself or one's online friends or business associates, so I presume some big spam creator is particularly active right now.

Various co-workers get riled up about it whenever a wave comes through, and they all change their FB and Twitter passwords immediately, anxiously thinking they've been hacked, or they demand the co-worker whose address has been spoofed change their password immediately. I don't tell them that's not actually the problem because, well, they'd probably not really believe me, and because it's good for them to change their social media passwords occasionally anyhow.
posted by aught at 7:13 AM on February 12, 2015

They call it Outlook now, actually. Lots of good information. Thanks!
posted by intrepid_simpleton at 7:29 PM on February 12, 2015

« Older Give me more muscle-tense-y suspensions   |   Help us honeymoon! Newer »
This thread is closed to new comments.