Q. I received one (and only one) warning from a friend that she had gotten a “this might be of interest” email from me and said I was hacked. Nobody else I have asked got it. Is there a way to verify I have been hacked before I go through the trouble of changing my primary email address?
A. If only one friend received such a message and you can still log into your email account, it’s more likely a spammer is “spoofing” (forging) your address and has not fully hacked in to take control of the account. Spoofing is a popular way to evade junk-mail filters and get you to open the message — and possibly click on a fraudulent or malware-loaded link. The forged address also lets the perpetrator avoid bounce-back messages to a traceable account.
Unfortunately, there’s not a lot you can do about a remote spammer’s sticking your address in an email “From” field. Your information may have even been collected from the contact list of the person who reported the suspicious message, if that person’s computer is infected with malware. Spammers can also grab working email addresses from public posts you’ve made online, as well as from mailing lists or web pages.
Warn your acquaintances that someone is spoofing your address. If you get a curious message from a friend yourself, you can check the email header information to see if the account was truly hacked. In your mail programs options, settings or view menu, look for a “show original” or “view message header” command to see the message’s path across the internet. If the Authenticated Sender line in the header information shows that it did come from the address in question, the mail account has been compromised because the message was sent with the user’s name and password as verification.
To maintain your own mail security, change your account’s password on a regular basis and run malware and antivirus scans frequently to catch anything that may have sneaked onto your system. You may also want to avoid making posts in online forums with your primary email address and use a secondary, “throwaway” email account when signing up for mailing lists and other places where your information might be shared with others.
Personal Tech invites questions about computer-based technology to email@example.com. This column will answer questions of general interest, but letters cannot be answered individually.