Spam emails can be anything from R-rated sales pitches to authentic-looking correspondences riddled with viruses. You most likely wouldn’t want to send either of those things to your friends and coworkers, so learning that someone received a spammy email from you can be unnerving. Could someone have gained access to your email account? The good news is, not necessarily; your account may have merely been “spoofed”. To protect yourself, it’s important to know the differences between Spoofing and Hacking, and steps you can take to keep your account safe.
Spoofing is when someone makes an email appear as though it was sent from somewhere it wasn’t, such as your email address. Spoofing may be used to trick someone into downloading a virus or revealing confidential information. Say, for example, you are in charge of payroll. Someone could send a spoofed email to one of your coworkers asking for a copy of their W-2. Your coworker would never give their W-2 to a stranger, but if they thought the email was from you they might just go ahead and send it. While spoofing clearly isn’t harmless, a spoofer doesn’t need access to your email account in order to spoof it, they can simply use software to have your address show up in the sender field. So, as opposed to hacking, if your email has been spoofed your account is still safe.
Being hacked is more worrisome than being spoofed; if you’ve been hacked it means that someone has gained full access to your account. A hacker may get into your email through viruses or malware unintentionally downloaded on your computer, by guessing your password, or through a company data breach. After gaining access to your email account, a hacker could send emails out to all your contacts and potentially use your email to access your other online accounts.
How to Keep your Account Safe
- Read this article about hacked and spoofed email to help you determine what you're dealing with.
- Monitor your “Sent Mail” folder to make sure that the e-mails coming out of your account were actually sent by you.
- Use tools that your email service provides. For example, in Gmail you can check your recent account activity.
- Sites like Have I Been Pwned and PwnedList allow you to find out whether your email was compromised in a company data breach. (I found out mine had, in a 2013 tumblr breach.)
- If you suspect your account has been hacked, change your email password as soon as possible. If you used that same password for another account, change it there as well.
- Always use strong passwords; use a different password for each online account you have.
- Keep your software and system updated, and always keep your antivirus programs up to date.
- And, finally, avoid posting your email address online.
Unfortunately, it’s difficult to keep your information completely immune to hacking or spoofing unless you want to take extreme measures (like never shopping online again). However, taking these safety precautions will keep your information as safe as possible, and hopefully save you from having to apologize to all your friends and coworkers for spamming them!
See how our "Ultimate Guide to Cybersecurity for your Small Business" can help your business from becoming a statistic.