
A family member contacted me yesterday saying their email has been hacked and that some other family members received spam emails from their account.

For this example, let's say the hacked family member's account email address is John1234@gmail.com. I checked my spam folder and there was what appeared to be an email from this family member. The sender's name was John1234 and the subject read "Hey Dan", which is of course my name. I looked at the email address that the email was sent from and it was not the family member's email address, John1234@gmail.com, but rather John1234@williamcody.com.

I informed the family member of what was actually happening and that their account was not hacked, but suggested a password change anyways.

Now, this family member has used the same username, John1234, for 10+ years and I'm sure they have been a part of many chain emails in the past. I'm assuming this spammer is getting the other family member emails from this or a similar method.

The question is, how can I prevent this from happening again? My spam filter caught the email, but other family members' spam filters did not. The website the fake email account is hosted on looks like it hasn't been touched in a few years. Can I assume that the website owner is unaware?

Daniel Storm
  • Have you read [this](http://security.stackexchange.com/a/34560/100201) or [this answer](http://security.stackexchange.com/a/34529/100201)? – A. Darwin Jun 21 '16 at 17:31
  • If the domain is not the same, it's not the same address, so what's the problem again? – dandavis Jun 21 '16 at 18:18
  • @dandavis I'm aware and I've mentioned that in my question. The concern is how they've managed to obtain the address book information. A.Darwin has pointed out some other questions that address my concern. – Daniel Storm Jun 23 '16 at 13:46
  • There are so many vectors of grabbing contacts it's hard to do much aside from speculate. It could be desktop malware, a copycat mobile app, XSS on a web email client, someone recovering them from an old sold/donated computer, etc... – dandavis Jun 23 '16 at 20:17

1 Answer

Anyone can create new email accounts with "John1234", and those usernames are considered "public" so you have no control over that.

What is more interesting is how the spammer got a hold of the distribution lists. I would highlight the "change password" advice and make sure that proper hygiene is being practiced.

schroeder
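The mismatch described in the question (a familiar username or display name on a domain the contact never used) can be checked mechanically. The following is an added example, not part of the original question or answer; the function name `classify_sender`, the address book contents and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: the real addresses of known contacts.
KNOWN_CONTACTS = {"John1234@gmail.com"}

# Constructed sample messages modelled on the case in the question.
SPOOFED = "From: John1234 <John1234@williamcody.com>\nSubject: Hey Dan\n\nhi\n"
GENUINE = "From: John1234 <John1234@gmail.com>\nSubject: Dinner\n\nhi\n"
NAME_ONLY = "From: John1234 <promo@example.net>\nSubject: Hey Dan\n\nhi\n"
UNRELATED = "From: Shop <news@example.org>\nSubject: Sale\n\nhi\n"


def _split(addr):
    """Split an address into lower-cased (local part, domain)."""
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()


def classify_sender(raw_message, known_contacts=KNOWN_CONTACTS):
    """Return 'known', 'lookalike' or 'unknown' for the From header.

    'known' only means the address matches the address book; it does not
    prove the message was sent by that account.
    """
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return "unknown"
    local, domain = _split(addr)
    known = {_split(a) for a in known_contacts}
    if (local, domain) in known:
        return "known"
    known_locals = {l for l, _ in known}
    # A contact's username or display name on a domain they never used.
    if local in known_locals or display.strip().lower() in known_locals:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("name only", NAME_ONLY), ("unrelated", UNRELATED)]:
        print(name, "->", classify_sender(raw))
```
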