You've probably heard others talking about this happening to them as it's a very common scenario. You may even have seen emails from your friends or colleagues that have strange content or attachments that your antivirus program deletes on contact. So, what's going on?
It's all about 'spam' emails. These are emails that are sent out to thousands of email addresses. The purpose of the email is generally to make money for the spammer. At its most genuine level, this could be to entice the reader to buy something. However, more often we find that the content of the email is more malicious. Some of these mechanisms are often referred to as 'phishing'. The email often contains an attachment or a link to a web page which, when clicked, activates a process.
This process is generally classed as 'Malware'. It might make itself obvious to the user, or it might be a completely silent process running in the background of the user's computer. Its purpose is generally to find out information from the user's computer and transmit this information to the originator of the spam email. This could be anything stored on the computer but banking details, user names and passwords are the main targets. This is extremely valuable information to the spammer. These details are either used by the spammer for fraudulent purposes or they are compiled into a database along with similar details from other victims. This information is sold to various criminals who use the information for their own purposes.
Spammers need to convince people to trust them and open the attachment or click their link. They know that people are unlikely to do this if they are suspicious. After all, who is this person? Why would anyone want to even read their email - let alone open their attachment? Through experience, they have found that their success rate is increased by pretending to be the friend of the potential victim or someone that they can trust. If they can persuade a friend to send a link to the malware then the potential victim might be more likely to click it, right?
Firstly, one of the oldest tricks used by spammers is to send an email that looks to have come from one person when it actually came from another person's mailbox. This is called spoofing and it's very easy to do. However, most good mail systems use techniques to spot this trick. Usually these messages are either automatically deleted by the potential victim's email system or they'll end up in their junk mail folder.
The second trick requires some sensitive information. And this is where the confusion stems from. The spammer has found that sending an email to the potential victim and pretending to be their friend will most likely find their email gets deleted automatically. So, they need another way of getting their email delivered. They need to use the friend's actual mail system with the correct login details.
Wait a minute - how are they going to do this? How would they know the login details in order to send the email? The answer is malware on a computer that the friend has used to access their mailbox. Most likely, it's a PC that they have configured with a mail program such as Outlook. Malware can easily find the user name and password for the mailbox from the settings within programs like this. The spammer will then use this information to access the mailbox from their own PC and send their email to all of the contacts within it.
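The difference between the two tricks shows up in the message headers. The following is an added illustration, not part of the original post: it assumes the receiving mail server records SPF, DKIM and DMARC verdicts (the standard anti-spoofing checks, which the post does not name) in an Authentication-Results header. The sample messages and domains are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = """\
Authentication-Results: mx.recipient.example;
 spf=fail smtp.mailfrom=bulk-sender.example;
 dkim=none;
 dmarc=fail header.from=friend.example
From: "Your Friend" <alice@friend.example>
Subject: Check this out

See the attachment.
"""

FROM_REAL_MAILBOX = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=friend.example;
 dkim=pass header.d=friend.example;
 dmarc=pass header.from=friend.example
From: "Your Friend" <alice@friend.example>
Subject: Check this out

See the attachment.
"""

def auth_results(raw):
    """Return the From domain and the spf/dkim/dmarc verdicts recorded on delivery."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts = {}
    # Only trust this header when your own receiving server added it;
    # a sender can put a forged copy in the message.
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first part names the server
            method, _, rest = clause.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts[method] = rest.split()[0].lower()
    return from_domain, verdicts

def classify(raw):
    """'spoofed' = forged From (first trick); 'authenticated' = sent via the real mail system."""
    dmarc = auth_results(raw)[1].get("dmarc")
    return {"pass": "authenticated", "fail": "spoofed"}.get(dmarc, "unknown")
```

An unexpected message that classifies as "authenticated" is not safe; it means the email really did pass through the friend's mail system, which is what the second trick looks like.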
If your own mailbox has been sending emails without your permission, then how could this be the case? After all, you've possibly got a great antivirus system and you may not have noticed anything lately that would make you suspicious. Well, I'm sorry to say - this is where you may have messed up and allowed this to happen! Remember I said that spammers often collect information and sell it? This process can happen quickly but it can also take a long time! Therefore, malware that you had on your computer months or even years ago could just have been the cause of this stolen information. You may have cleaned your computer of malware but the damage was already done - your information is already out there!
So, we're all doomed then? Well, no, not exactly. This is where good practice comes in. The only reason the spammer was able to send email from your mailbox was that they had your login details. You can't get them to delete this from their database but that doesn't mean you've lost control. If you change the password on your mailbox then the spammer's details won't match the mailbox settings and they'll be unable to send their email. They'll most likely just move on to the next mailbox on their list and try that one instead.
So, changing your passwords regularly is important. Not only for email systems but for every system you own. Every password you use should be unique and unpredictable, too! This is another subject that I've talked about previously in another post about password managers.
If your mailbox is being used to send unauthorised emails to your contacts, then you should ensure that you change your mailbox password immediately using another computer (in case there's malware on your own PC which would send the new password back to the spammer). Once you've changed your password, you should then ensure that all of your PCs, Macs and other devices are free of malware or viruses.
If you feel this issue may be affecting you then contact us TODAY for a chat about malware infection removal.