Computer Related > Spam Computing Issues
Thread Author: Ambo Replies: 17

 Spam - Ambo
Someone in my email address book list got a message, allegedly from me, offering some financial deal. He opened and then blocked it, assuming it was spam. But how could a third party have found his way into my list?
 Spam - smokie
I believe it's not always what it seems.

I frequently get mails allegedly from people I know (who are not in my contacts list, and have never been) which have a little text (like Have you seen this?) then a link to click (which I've never done).

If you look at the From mail address it is often the right name but the wrong email server.

My theory is that the mails are actually being generated in my computer, by looking up previously mailed people. You know, like when you start typing a name in the To box and it auto fills it. I know these names are kept in a file somewhere on my machine but I forget where.

The more concerning implication is that I have a bit of dodgy software on my machine, which is good at avoiding detection, that's doing it.

One reason for thinking this is that I never get these mails from people I've never mailed.

I don't mind being proved wrong.
Last edited by: smokie on Sun 3 May 20 at 17:22
 Spam - Ambo
Alarming. I had already checked Malwarebytes (free version) and found an item to quarantine. Windows Security was happy. CCleaner (free version) cleaned up, apart from 2 apps it said were out of date, but wanted full payment to do so.

 Spam - Ambo
>>If you look at the From mail address it is often the right name but the wrong email server.

I don't see any "From..." My Emails have a prefix before the address but it is usually just a familiar name.

How do I find out who my email server is, if it's not Outlook?
 Spam - Ambo
>>Someone in my email address book list got a message, allegedly from me, offering some financial deal

He had sent me a genuine email and I responded, using the Return arrow. He didn't get my response, only the spam message, got up to look as if I had sent it. Maybe I should have sent a fresh message rather than using Return?
 Spam - smokie
There's nothing wrong with what you've described you're doing and I can't explain what you're seeing.

You can often see the full email address of the sender when you click Reply, or sometimes you can click on the person's name in the From field and it will expand to show you the full address.

You've done the right thing to run your anti virus tools and I don't think it's worth worrying about much more unless it gets overwhelming. Others may disagree but I've had this sort of thing for years and so far as I'm aware it's not caused me any problems.

 Spam - No FM2R
Normally I would agree with you, Smokie, and just ignore it. But in this instance the behaviour on Reply bothers me.

If Mr. X sent Ambo an email, which he received, but Ambo using Reply caused the legit email to be replaced with a spam email, that is unusual and somewhat more concerning. Unusual to the point where I've never encountered it, though that is not the be all and end all.

Assuming we're not missing something it is almost certain that one of the two machines has active malware which needs to be found and removed.

 Spam - Kevin
Email header fields such as 'From' and 'Reply To' (as well as some others) are editable by the originator so you should never assume that hitting the Reply button will automatically respond to who you think was the sender.
If you still have the emails, expanding and checking the header trails should give you some clues as to what the true story is.
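The header check described in the post above, as an added example that is not part of the original thread: it compares the From, Reply-To and Return-Path domains of a saved message and lists the Received hops oldest first. The sample message, all addresses and domains, and the function names `domain_of` and `check_headers` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread); every name and domain is made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.friend-isp.example (mx.friend-isp.example [198.51.100.7])
\tby inbox.friend-isp.example; Sun, 3 May 2020 10:02:11 +0100
Received: from unknown (HELO mailer.example.net) (203.0.113.45)
\tby mx.friend-isp.example; Sun, 3 May 2020 10:02:09 +0100
From: "Ambo" <ambo@lookalike.example.org>
Reply-To: deals@mailer.example.net
To: friend@friend-isp.example
Subject: Financial opportunity

Have you seen this?
"""

def domain_of(header_value):
    """Return (display name, lower-cased domain) of an address header."""
    name, addr = parseaddr(header_value or "")
    return name, addr.rpartition("@")[2].lower()

def check_headers(raw, expected_domain):
    """Flag sender-field mismatches; expected_domain is the sender's real mail domain."""
    msg = message_from_string(raw)
    findings = []
    name, from_dom = domain_of(msg["From"])
    _, reply_dom = domain_of(msg["Reply-To"])
    _, rpath_dom = domain_of(msg["Return-Path"])
    if from_dom != expected_domain:
        findings.append(f"From shows '{name}' but uses {from_dom}, not {expected_domain}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply goes to {reply_dom}, not the From domain {from_dom}")
    if rpath_dom and rpath_dom != from_dom:
        findings.append(f"Return-Path domain {rpath_dom} differs from From domain {from_dom}")
    # Each server prepends its Received header, so the last one is the earliest hop.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    return findings, list(reversed(hops))

if __name__ == "__main__":
    findings, hops = check_headers(RAW, "home-isp.example")
    for f in findings:
        print("WARN:", f)
    for i, h in enumerate(hops, 1):
        print(f"hop {i}: {h}")
```

A Return-Path that differs from the From domain also occurs with legitimate mailing services, so treat that finding as a prompt to read the Received hops rather than as proof of spoofing.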
 Spam - smokie
I was trying to keep it within the scope of the OP... :-)
 Spam - tyrednemotional
There are two main ways in which this might happen; "spoofing" and "hacking".

I've summarised briefly below via an edited (albeit somewhat repetitive) version of an AOL write-up.

===

Spoofing happens when someone sends emails making it look like they were sent from your account. In reality, the emails are sent through a spoofer's own server, not your server. They are manipulated to show your address in the "From" field to trick people into opening them and potentially infecting their accounts and computers.

Differences between hacked and spoofed

A compromised (hacked) account means someone else accessed (and used) your account by obtaining your password.

Spoofed email occurs when the "From" field of a message is altered to show your address, which doesn't necessarily mean someone else accessed your account.

You can possibly identify whether your account is hacked or spoofed with the help of your Sent folder.

• Your account has most likely been spoofed if you DO NOT find any strange email in your own Sent Folder.

• Your account has been compromised when you find email in your own Sent folder that you did NOT send.

Signs of a spoofed account

If you experience any of the signs below, it's likely your account is being spoofed. Please be aware that unrecognised emails in your sent folder are not a sign of a spoofed account and are an indicator that your account was hacked.

• Your contacts are receiving emails that you didn't send.
• You receive spam emails from your own email address.


===

There does seem to be something more in your case, in that whoever sent the spam seems to know of a relationship between you and the receiver. I would suspect that one or other of your contacts have been compromised at some time, either by hacking or malicious software. You seem to have checked your own machine for the same, it is just as possible that (if you are in his contacts or mail in his inbox), the recipient might have been compromised.
 Spam - No FM2R
>> I responded, using the Return arrow. He didn't get my response, only the spam message, got up to look as if I had sent i

This is the bit that concerns me.

If I understand correctly. Ambo hit reply and sent an email; not only did the friend not receive that email, but a fake email was substituted in its place.

If accurate, that is unusual.
 Spam - Kevin
Very unusual.

Impossible to know exactly how it happened without more info but consider this scenario. If the reply address had been tampered with before it reached Ambo (possibly on his friend's machine) he could have actually replied to the miscreant without knowing it. The miscreant then substitutes his own content for what Ambo wrote and sends that.
Or, more worrying, a compromised relay.
 Spam - smokie
Yes, that's why I didn't dwell on it. Unlikely I'd have thought. Maybe just a weird coincidence which looked like that.
 Spam - Ambo
>>If I understand correctly. Ambo hit reply and sent an email; not only did the friend not receive that email, but a fake email was substituted in its place.

That's right. Yesterday I had a local expert run checks, including my entire BT server's email record, extra virus scans and so on. He found nothing wrong but he was not able to explain the mystery.
 Spam - tyrednemotional
...about the only other thing I can think of to check is the DNS server settings, just in case someone has hijacked these (and then removed any malware that did so).

This would possibly allow someone to hijack sent mail, selectively alter it, and then forward on to the ISP's server for onward sending.

Pretty rare, but it has been known to happen.
 Spam - No FM2R
>> >>If I understand correctly. Ambo hit reply and sent an email; not only did the
>> friend not receive that email, but a fake email was substituted in its place.
>>
>> That's right. Yesterday I had a local expert run checks, including my entire BT server's
>> email record, extra virus scans and so on. He found nothing wrong but he was
>> not able to explain the mystery.


I mean no offence, but I think you need to check the information from your friend. In detail, to be sure that your email was stopped and a spam email received in its place. Just to be sure he's not misunderstanding something.

The more I think about it the more I think the problem is at his end. If it were at your end it would have no reason to only intercept one email address.
 Spam - Ambo
Good point, I'll try.
 Spam - Ambo
Alas, he has gone strangely quiet so is presumed guilty.