« Open Mike: One More Wee Piece of Advice (OT) | Main | I Don't Want to Farm »

Sunday, 22 January 2023


Feed You can follow this conversation by subscribing to the comment feed for this post.

Always let your friend know. Most appreciate it and you get an early "heads up" in case they decided on a new career selling Amway.

What this means is usually that their address book has leaked. Many ways this can happen, for instance social networking site wishes access to address book to know who your contacts are, then leaks from social networking site. Also may be that their credentials for social networking site have leaked.

Spammer then (buys these address books and) forges messages 'from friend' to their contacts.

This is different than what social networking sites do already in ways which escape me.

They should change their passwords at minimum.

I would periodically receive such an email from another lawyer I knew (a sole practitioner) but rarely corresponded with, and called him up (did not send an email) to tell him that his email account had been hacked, again.

You can give them a heads-up if you have an alternate means of contacting them. It's possible that their email account is compromised which means that any reply you get could be from whoever took over their account.

If you can contact them via other means, just suggest that they change their email password. That password should be exclusively for their email account. Too many people use the same password for multiple services. All it takes is for one of those accounts to be compromised and the rest fall like dominoes when they're all "protected" by the same password.

Absolutely means your friend’s account may have been infected (the email From address could also have been forged, but it’s less likely). Do not respond, engage, or load any images but let your friend know, through another channel, to change his passwords everywhere (not just the email account) and enable 2FA everywhere possible.

Mike: When you get an email that appears to be from a friend, that contains an enigmatic message and a link to an ad or some sort of come-on, and obviously didn't come from the friend, . . . [w]hat should you advise the friend?

Suggest that your friend change his or her mail password, but not by replying to the message you received and preferably not by composing a new message and sending it to the friend’s address—because either could result in offering up your address to the perpetrator. Best course of action: phone the friend and describe the message you received. And, needless to say, don’t click on any link in the suspicious message. But you already knew that last bit.

Immediately mark that email as junk, move it to the junk folder and immediately erase it.

I am a highly experienced receiver of junk mail and phishing because I have had the same email address for 31 years now. It seems to be on every junk mail list sold to every scumbag that uses these methods of finding suckers. I have also had at least half a dozen organizations I am affiliated with get hacked and that adds to the lists. I often get span that shows I was the sender - it's so easy to fake that in email.

If you want to see the actual email sender's address, carefully click on the arrow that appears at the end of the address if you use Apple Mail and it will show you the sender's address which can easily be faked.

Likewise if you hover your cursor over a link it will show the actual link and you will be surprised at some of the addresses - many end in .ru for Russia.

It's usually not worth telling somebody their email address is being used for spamming. The people who started the IP standards were scientists and engineers who never thought that their system could be used for nefarious purposes. Ain't that a good laugh.

There is only one surefire way to stop spam - charge per email. If you charge even a penny (Bill Gates says ten cents) it becomes much less profitable to the scumbags sending out millions of these emails daily. Unfortunately ISPs balk at this - it could cost them a lot of revenue since those spammers represent the majority of their customers.

Let them know that they've been hacked, Mike. That way you are being a caring, concerned friend.

While you are telling your friend about being hacked, suggest they get two factor authentication, or 2FA for their email. Google requires it for their employees. And their employees email accounts basically do not get hacked.

As for the commenter whose sometime lawyer was hacked repeatedly. Sigh. Lawyers have a duty of competence, including in using technology. Having email hacked repeatedly means their IT practices are ... not competent. To say the least. What client confidences were compromised by the hack?

It's never from the person it looks like it's from. Like Facebook account cloning (the "Facebook hack"), it's all about creating false trust.

One's address book, or Facebook friends list, is a valuable commodity for creating false trust, which is then used by criminals.

Everyone's Facebook friends list should be shared ONLY with friends, not public.

This why I get annoyed when I've joined some sort of social organisation (a writer's group, a motorcycle club, etc) to find they send out emails to everyone without using the blind carbon copy field for all the addresses.

In one case they sent out my address and phone number, too. It needs just one insecure computer amongst 30 or 40...

I was once in a voluntary group trying to get some building work done for a local charity; I had useful experience. There's one person in that group who I did not want to have my email address, and they got it with the very next email, along with everyone else's. I left the group straight away and the charity lost the use of my experience.

The comments to this entry are closed.



Blog powered by Typepad
Member since 06/2007