When you get an email that appears to be from a friend, that contains an enigmatic message and a link to an ad or some sort of come-on, and obviously didn't come from the friend, that sometimes has a long send-to list, what is that? What should you advise the friend? Does anyone know? From time to time this happens to me, and I never know whether I need to warn the friend or even inform them. Do any of you computer ninjas out there know about this?
Thanks for any help—
Mike
Flickr page / New Yorker author page
Original contents copyright 2023 by Michael C. Johnston and/or the bylined author. All Rights Reserved. Links in this post may be to our affiliates; sales through affiliate links may benefit this site. As an Amazon Associate I earn from qualifying purchases. (To see all the comments, click on the "Comments" link below or on the title of this post.)
Featured Comments from:
Luci: "The 2FA [two-factor authentication —Ed.] is a very good path to go down. Let the friend know of the email misshap via a different 'channel' (i.e. not email). Always, always look at the actual email address sending the email (in your email client check something like 'Show original' and if the name and email username don't agree—mail from John Smith <[email protected]> —mark it as spam. Let the friend know that an antivirus is useful. If they have one, recommend them to start with a full disk scan."
psu: "For what it's worth, it is very easy to forge email from any sender you want because in most email systems the From and Sender headers are not authenticated in any way. So it's not necessarily the case that your friends' accounts are hacked; it's just that someone else copied their address out from some other source and forged a message to you or others using it. Unless there is some reason to believe that the mail account was actually hacked/stolen somehow, it's probably best to just delete and ignore this kind of forged message."
Always let your friend know. Most appreciate it and you get an early "heads up" in case they decided on a new career selling Amway.
Posted by: Daniel | Sunday, 22 January 2023 at 11:38 AM
What this means is usually that their address book has leaked. Many ways this can happen, for instance social networking site wishes access to address book to know who your contacts are, then leaks from social networking site. Also may be that their credentials for social networking site have leaked.
Spammer then (buys these address books and) forges messages 'from friend' to their contacts.
This is different than what social networking sites do already in ways which escape me.
They should change their passwords at minimum.
Posted by: Zyni | Sunday, 22 January 2023 at 11:39 AM
I would periodically receive such an email from another lawyer I knew (a sole practitioner) but rarely corresponded with, and called him up (did not send an email) to tell him that his email account had been hacked, again.
Posted by: Chuck Albertson | Sunday, 22 January 2023 at 11:59 AM
You can give them a heads-up if you have an alternate means of contacting them. It's possible that their email account is compromised which means that any reply you get could be from whoever took over their account.
If you can contact them via other means, just suggest that they change their email password. That password should be exclusively for their email account. Too many people use the same password for multiple services. All it takes is for one of those accounts to be compromised and the rest fall like dominoes when they're all "protected" by the same password.
Posted by: roger | Sunday, 22 January 2023 at 12:17 PM
Absolutely means your friend’s account may have been infected (the email From address could also have been forged, but it’s less likely). Do not respond, engage, or load any images but let your friend know, through another channel, to change his passwords everywhere (not just the email account) and enable 2FA everywhere possible.
Posted by: Alex Buisse | Sunday, 22 January 2023 at 01:04 PM
Mike: When you get an email that appears to be from a friend, that contains an enigmatic message and a link to an ad or some sort of come-on, and obviously didn't come from the friend, . . . [w]hat should you advise the friend?
Suggest that your friend change his or her mail password, but not by replying to the message you received and preferably not by composing a new message and sending it to the friend’s address—because either could result in offering up your address to the perpetrator. Best course of action: phone the friend and describe the message you received. And, needless to say, don’t click on any link in the suspicious message. But you already knew that last bit.
Posted by: Chris Kern | Sunday, 22 January 2023 at 03:02 PM
Immediately mark that email as junk, move it to the junk folder and immediately erase it.
I am a highly experienced receiver of junk mail and phishing because I have had the same email address for 31 years now. It seems to be on every junk mail list sold to every scumbag that uses these methods of finding suckers. I have also had at least half a dozen organizations I am affiliated with get hacked and that adds to the lists. I often get span that shows I was the sender - it's so easy to fake that in email.
If you want to see the actual email sender's address, carefully click on the arrow that appears at the end of the address if you use Apple Mail and it will show you the sender's address which can easily be faked.
Likewise if you hover your cursor over a link it will show the actual link and you will be surprised at some of the addresses - many end in .ru for Russia.
It's usually not worth telling somebody their email address is being used for spamming. The people who started the IP standards were scientists and engineers who never thought that their system could be used for nefarious purposes. Ain't that a good laugh.
There is only one surefire way to stop spam - charge per email. If you charge even a penny (Bill Gates says ten cents) it becomes much less profitable to the scumbags sending out millions of these emails daily. Unfortunately ISPs balk at this - it could cost them a lot of revenue since those spammers represent the majority of their customers.
Posted by: JH | Sunday, 22 January 2023 at 03:16 PM
Let them know that they've been hacked, Mike. That way you are being a caring, concerned friend.
Posted by: Nick Davis | Sunday, 22 January 2023 at 03:22 PM
While you are telling your friend about being hacked, suggest they get two factor authentication, or 2FA for their email. Google requires it for their employees. And their employees email accounts basically do not get hacked.
As for the commenter whose sometime lawyer was hacked repeatedly. Sigh. Lawyers have a duty of competence, including in using technology. Having email hacked repeatedly means their IT practices are ... not competent. To say the least. What client confidences were compromised by the hack?
Posted by: James | Sunday, 22 January 2023 at 04:53 PM
It's never from the person it looks like it's from. Like Facebook account cloning (the "Facebook hack"), it's all about creating false trust.
One's address book, or Facebook friends list, is a valuable commodity for creating false trust, which is then used by criminals.
Everyone's Facebook friends list should be shared ONLY with friends, not public.
Posted by: John Shriver | Sunday, 22 January 2023 at 06:34 PM
This why I get annoyed when I've joined some sort of social organisation (a writer's group, a motorcycle club, etc) to find they send out emails to everyone without using the blind carbon copy field for all the addresses.
In one case they sent out my address and phone number, too. It needs just one insecure computer amongst 30 or 40...
I was once in a voluntary group trying to get some building work done for a local charity; I had useful experience. There's one person in that group who I did not want to have my email address, and they got it with the very next email, along with everyone else's. I left the group straight away and the charity lost the use of my experience.
Posted by: Roger Bradbury | Monday, 23 January 2023 at 01:01 PM