Far too often, I hear people asking about emails their friends have sent them that contain adverts, spam and sometimes even viruses. The thing is their friend never sent these emails so where did they come from? The immediate concern is that their email account has been compromised but sometimes, that’s not necessarily the case. I’m going to let you know about a few steps you can take to make sure your email account hasn’t been hacked and what to do if you find out it has.

Have you ever received an email that is badly spelt or laid out oddly? Have you ever tried to open an attachment on an email that appears to be from a friend or colleague but your virus checker warns you it isn’t safe? Chances are this email has been sent by a hacker hiding behind your friends email address. So where did it come from and more importantly, how can your friend stop it from happening again? There are several ways this sort of thing can happen.

Strangely enough, the actual source of the problem may have nothing to do with your friend or colleague. If someone your friend knows got hacked, this could have the same effect. I’ll attempt to explain how.

A virus arrives in an email disguised as an attachment. This can be made to look like anything, a photo, a music file or even a word document This is one of the many reasons you should have good anti-virus software! Click Here to visit my blog on Anti Virus software. As the virus spreads its way across the computer, it will harvest all the contacts email addresses from the address book. Some more advanced viruses can even go through the content of emails, documents and files to take more addresses from there too. Once it has collected all the addresses it can find, it will send a pre-defined email to every one of these contacts. This can be an exact copy of the virus that was initially clicked on or a completely different email such as spam or a request for money. Don’t worry about this filling up your outbox though, it won’t send them through your email address. It uses a different account setup for precisely this reason. That explains why the emails never appear in the sent items folder. 

But that doesn’t explain how it appeared to be from your friend or colleague? Here’s the clever part. The virus manipulates the weak security of the email system and is easily able to change the sender ID to make it look like it is from anyone. So the virus will use a random selection of the email addresses it harvests to appear as the sender address. This means it wouldn’t be impossible to receive an email that appears to be from you!

So put into simple terms, your colleague’s friend has an email virus. You’re colleague is in their address book and it chose them as the false sender. Now the email you received appears to be from your colleague but in fact it was from your colleague’s friend!

Of course it’s just as possible that your friend’s account got hacked, or someone simply guessed their password. As soon as they suspect this, they should change their password straight away. Password strength is something that should be considered carefully making sure it is difficult to guess, contains numbers and letters and at least one upper case letter. So ‘Pa55w0Rd123’ is more secure than ‘password’ but unfortunately, a lot harder to remember! As well as changing the password, it would also be a good idea to change the security questions too.

If they use an online email client, they should check the personal information such as Address, telephone number and the alternative email address (used to contact them if there is a problem). A hacker will be likely to change these to avoid being caught out by the host. If this information has been changed, you know that your account has been compromised.

Unless they can find obvious signs that the account has been hacked, it can be very difficult to make absolutely sure it’s not just an email from a contact (as explained above). If possible, it would be best to have an expert or professional to have a look at the account as there are subtle tell-tale signs that can be hard to spot unless you know what you’re looking for.

If you can’t get an expert to look over it and you’re still not sure, the best thing to do is play it safe. Assume that the account is infected and follow the next step.

A lot of people use the same password for everything they do on a computer. This is not only dangerous but also pretty daft. The problem is that once one password has been obtained, the same password will allow access to everything else you do online. The first thing you should do is change any other passwords that are the same or similar to the account that has been accessed. If you are given the option of creating your own security questions then this is often the best option. Predetermined questions are easier to guess and they can be the same across other programs and accounts. Another problem is that unless you’re prompted to do so, no-one changes their password to something different. I’m as guilty as everyone on that last one. Try and change your password at least once a month and never write it on a scrap of paper stuck to your monitor! By taking these things into account, you can make your email accounts uninviting enough to make even the most intent hacker move onto the next person. Let’s just hope they followed my advice too!