Eugene's observations

Discoveries to share by 1ComputerCare
« Internet speed performance problemsComputing safely while travelling overseas »

Spoofing e-mail sender's address

15/07/14

Spoofing e-mail sender's address

Permalink 10:49:00 am by Eugene Gardner, Categories: Security, Articles

Picture this: you receive messages from people asking you to stop sending them invitations to buy anatomy enhancing medications, or send them money as they have been stranded overseas, or maybe just a link to a website that discharges a virus when visited.

The problem is that a bad person has got hold of your email address and has spoofed it by placing it in the From: field of an email message.  By using your address rather than their own they make themselves less identifiable and their poison pen messages less likely to be trapped by spam filters.

What's worse, these messages often get sent to people you know.  The real sender tries to rely on your good name to convince the recipients to follow their evil plan based on your trusted character.

How did this happen ?

  • Perhaps you use the same password on more than one website and one of those got hacked.  Hacked (often big name) sites are a daily occurrence as evidenced by my Twitter feed.
  • Perhaps your email provider's database was compromised (e.g. AOL most recently) and any contacts list copied.
  • Perhaps anyone who has ever corresponded with you has a computer that was attacked by a virus that harvested the email addresses in the From:, To: and CC: fields of all their messages.  Perhaps their address book was stolen too.

What can you do about it ?

If you use the same password in more than one place change them for unique complex (more than 10 characters including upper case, lower case and numbers) passwords.  You don't have to remember them as long as you use a (possibly free) password manager as explained in my earlier blog post.

Change your email account password - this is just precautionary but it can't hurt. Remember to update any mail clients you use with the same password.

Forward this blog entry to anyone who contacts you. That way they will understand that this problem is most likely not of your making and there is absolutely nothing you can do about it once your credentials are in the hands of a criminal.  Quite soon the bad people will not have any value in your email address as it has been used so this problem will naturally end.  

Yes it is a pain but it is such a common part of life today that most people are aware of the issue and are in a position to empathise

PermalinkPermalink

Trackback address for this post

Trackback URL (right click and copy shortcut/link location)

No feedback yet

Click here to return to the 1ComputerCare home page.

This is designed to supersede the newsletters that I just don't have time to produce to the standard I would want any more. Please register so that you may read and leave comments and subscribe to have posts automatically e-mailed to you.

Comments and suggestions are always welcome.

User tools

Search

November 2023
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      

Contents

XML Feeds

What is RSS?
Complete website engine