How To + Recommended

What to Do if Your Email Account Gets Hijacked and Sends Out Spam

Posted on by

It’s an event that we’ve probably all dealt with at one point or another, either on the sender’s or the receiver’s end: an email that clearly didn’t come from the person who supposedly sent it, hawking weight-loss supplements or “male enhancement” pills or some such nonsense. What causes these, and what can you do about it? The short answer is, it’s one of two things:

  1. Poor password hygiene
  2. Spoofing.

(Is a virus sending emails from your account? Click here for a free trial of Mac Internet Security X8 for protection from malware and viruses.)

If the problem is poor password hygiene, that means your account was hacked. Or your account has been spoofed, in which case someone has made it appear as if it’s been hacked.

A spam email one of Intego’s employees received from her friend just this morning.

There are a number of reasons that can explain how your account got hacked:

  • Your password was easily guessable
  • You entered your credentials into a phishing site
  • The website where you had your account had a security breach
  • Your hacked account used the same password as a different, breached site
  • There is spyware on your computer

You can tell if your account has been hacked if:

  • The recipients of the spam-email includes a bunch of people you know
  • You try to access your account and the password no longer works
  • You try to access the “Forgot Password” link and it does not go to the expected email
  • Your Sent Items folder contains a bunch of spammy emails you’re not aware of sending

(I’m assuming, of course, that you didn’t have a brain-spasm and temporarily misremember your account, or you didn’t have way too many drinks on Friday night before drunk-emailing your friends.)

If your account was in fact hacked, there are a few things you’ll need to do:

  • You need to change your password on the hacked site
  • You need to change your password on any other sites where you used the same username and password
  • You need to change your password on any sites whose information you stored in the hacked account
  • If you determine that you have been affected by spyware, once it’s removed, you will need to change all your passwords for all your online accounts and follow procedures for recovering from identity theft
  • If you cannot follow any of these steps because your account details have been changed, you will need to contact support for the website that provides your account so that you can regain control

There are two main ways to see if your account was spoofed:

  1. Get a copy of the email, including headers, and check the originating IP address to see if it was not one you could have been using
  2. If you’re receiving bounce messages from a bunch of email addresses for people you’ve never heard of

If your account was spoofed, they simply created an email that had fake details (usually the “From” or “Reply-to” address), and there is very little you can do to stop this. And what you can do is likely to be ineffective. In short, you’ll need to do the following:

  1. Take the IP address from the email header
  2. Contact the ISP for that address
  3. Ask them to block it

However, the spammer could be using a different IP address the next day, and the ISP could either ignore or deny your request (especially if the ISP is a shady one).

This is one of those cases that reminds us computer security is not just about protecting your machine from malware. There is a lot of data on your machine that is valuable to hackers, and attackers don’t necessarily have to go to the trouble of creating malware to get it from you. But the good news is, it can also be fairly easy to protect yourself by making a few simple improvements. Stay tuned – in a future article, we’ll talk about more ways you can protect yourself against common computer security hassles.

Protect your Mac against malware, strangers, and suspicious applications with Intego’s award-winning Mac Internet Security X8.