You may have had a friend, or even a stranger, let you know that they’ve received an unsolicited email from you. Or, you’ve received an obviously spammy email from yourself! At first glance you may be concerned that your account was hacked, or that you have a virus infection that’s sending out emails.
While both are valid concerns, it may not be the case.
Spammers accumulate email addresses from all kinds of sources. This can include social media, phishing websites, and software designed to automatically search the Internet for email address and collect them, a practice called scraping.
In most cases spammers simply spoof your email address in hopes that people open the emails. This can be done by either using your actual email address but sending the emails from their own servers and software (not from your account) or by using your name, but a fake email address.
The latter is a little more difficult to spot and requires that you look at the email’s ‘headers’, the detailed information about how the email was sent and the actual address and servers used. This may reveal something completely different from your actual email.
While there’s not much you can really do to stop spammers from spoofing your email address, there are a few general steps I’d recommend to keep your information safe.
First, change your email password. Make it complex, and don’t use it anywhere else. Passwords are your first line of defense in protecting your accounts and identity. Once a criminal has access to your email account, not only can he send email from it, but can also use it to reset other passwords and steal additional information. Change your passwords on a regular basis.
Second, be conscious of where you share your email and other personal information. Your business website, forums, social media and other locations can be scraped as discussed above.
Lastly, make sure your spam filtering, antivirus software and web content filtering are working and up-to-date. This will help protect you against phishing emails and websites that attempt to trick you into giving up your personal information.
Being the victim of email spoofing is frustrating and can even be harmful to your reputation. Once the spammers have your email address, there’s not much you can do, so do whatever you can up front to protect your information.
Need more information about protecting your company’s data and your identity? I’ve written several whitepapers and reports to help you out:
Here are a couple of related articles: