Someone is using my (or has the same) email

Question

I just got a letter from court saying I made 49 threats to someone I had a problem with three years ago. This person presents "my emails" as evidence. I went through all my emails, and I haven't found a single one. The mail presented as evidence all come from my email address. He asks for 20,000 dollars for moral damage! How can this happen?

(ed. The letter is a valid and official legal document in accordance with the normal procedures in the country of Portugal. OP has already engaged with a lawyer. The accuser is a known scam artist. This question is about the technical details of the emails.)

Answer 1

Is it a scam?

First of all, make sure that you actually got the letter from a court. This might very well be a scam - it sure sounds like one. Do this to verify that the letter is real:

1. Make sure that the name of the court correspond to a real court.
2. Find contact information to that court through some independent method (i.e. not using any information in the letter).
3. Contact them and ask them if they did in fact send the letter.

If it is not a scam

If it is not a scam, I see three possibilities:

• The person accusing you of the threats never received the emails, and have forged the evidence. That would not be hard to do. (An investigation of the email headers will not help here, since they can also be forged.)
• Someone has spoofed your email address, and has sent emails that appear to come from you. This is by no means impossible. (An investigation of the email headers could be useful here.)
• Someone has hacked your email account (perhaps you used the same password on a site that was breached), sent the emails, and then deleted all traces (e.g. removed them from the sent items folder). (An investigation of the email headers would not help here, since the email is in fact sent from your address. Access logs from your email provider could prove useful, though.)

If it's not a scam, what you need to do in any case is to get some legal advice.

Answer 2

(Assuming US) No court is going to pre-emptively demand a settlement of $20K for a misdemeanor(!!!) before you've even had a chance to testify. Furthermore, threats are a criminal matter; this isn't a property dispute-- the police would have questioned you long ago, before this ever went to court.

If this letter truly claims to have been issued by a court (and you're not misreading it), it's bogus. Call the magistrate's office for the issuing municipality and verify.

If it came from a lawyer's office, it's a shakedown. Don't sweat it. Consult your own-- they may well tell you to just ignore it. The victim/scammer can demand whatever they want; it doesn't mean you're obligated to pay.

Either way, someone's targeting you (possibly the "victim") and one of your first steps needs to be filing a police report to document the fact that someone is either making false accusations or committing criminal behavior in your name. It's easy, free, and sets a precedent that you can later point back to if this escalates or happens again.

Whether or not this is bogus, under no circumstance should you talk to the (alleged) victim.

Answer 3

Given the additional information in comments,

I have a gmail account and use Mac. He wants to delete evidence. He used the original one, edited it, printed it, presented to his lawyer and deleted the original.

He did hack my email. Last week he deleted the original of one of emails that he edited and presented as evidence. Other mails are simply forged.

you must secure your email account. Change your password to a strong password you don't use anywhere else. Log out all other sessions. Since you use GMail, set up 2-factor authentication (that is, when someone attempts to log in, Google texts your phone to send a code which is needed to complete that access).

Before you do that, in order to preserve access data, use the "Details" link at the bottom right of the GMail screen to show accesses to your account. Screenshot that data: it will change with subsequent accesses and the earliest ones shown will disappear. That's also the screen you use to sign out all other open sessions on your mailbox. Once you have secured as much access data as you can and signed out everywhere else, change your password.

You may find that deleted emails are still retained in the Bin/Trash/Deleted folder (although I suspect he will have removed anything relevant from here as well).

Unfortunately, if he has gained access to your account, then the emails which appear to have been sent from your account have actually been sent from that account. Forgery protection is useless in this case, and it will be difficult to prove that you did not do that or that you did not delete emails. If your limited access log does not provide proof of access from a location which wasn't yours, then you will need Google to provide server logs, but that will not be easy to achieve.

Answer 4

Due to the nature of electronic mails, anyone can send a mail with any name from NASA to FBI to your neighbour. You need to raise the court's attention to this.

Get the court release the full emails, including its headers. The headers will tell that the emails did not go through your mail server (or the mail server you use). If you are using an email giant like Google, Yahoo, etc., like 99% of other people use, it's pretty easy to prove you're right, because the absence of DKIM is a clear sign of spoofing. If not, you might have to prove that you did not have access to the server the mail is originated from.

P.S.: Modern email providers automatically use DKIM and SPF for validating authority, and some of them (Gmail for example) constantly mark emails as spam whose senders don't use these. I think it's by now a widely accepted standard, and exchanging mails without these techniques is just like regular mail where you claim to be yourself just by writing your name on the envelope.

Answer 5

It is actually very easy to send an email and to enter the email you would like it to show as sent from.

Here is one that i found on a quick google search

I do believe it is a scam like all the others said. But it is very possible for someone to send emails that appear to come from you.

Answer 6

This this is on security, I'll ignore the legal questions and go to the e-mail issue:

It is absolutely trivial to fake e-mail. Even making a reasonably good fake that stands up to surface scrutiny is not very hard. Inspecting headers may or may not be worth the effort, they can be faked, too. Especially if you have no access to the original mail resting on the original server that is not under the control of the person making the claim, then an e-mail is basically just a text that I can just as well fabricate wholesale.

In short: Someone claiming to have mails from you that you didn't send does not mean your mail was hacked. If it had been sent through your (hacked) account, you would most likely find them in the outbox or in the trash can. (of course, the attacker could clean up after himself, but why should he? the mail actually being there makes his case stronger, and you claiming you didn't send it when it's in your outbox is a weak defense)

tl;dr: Most likely, nobody hacked your mail, someone just forged one or made up the whole thing.

Answer 7

I cannot help you much with the current issue, other than advising you as others did, that if indeed he broke it your account, and you have to ask the provider, you will have to go to court for the provider to give data about IP addresses.

I would also ask gmail if they could produce a backup of that deleted email via the court order. I also suspect that you do not even need to prove it was the actual guy hacking your email, and it will be enough creating a reasonable doubt wether your email account was hacked at that time.

As your comments talk about Google, you can edit a history of what devices accessed your account, and it says the make of the device, and the City used.

Go to "My Account"->Device activity & notifications" and under "Recently used devices" select "REVIEW DEVICES". Select the suspect device in case it is there.

For the future, I advise you to activate double factor auth, 2FA, which obliges a device to use a token.

I also ask you, how was that individual able to hack you multiple times? It it possible that in a point in the past he planted some spy software in your computer? Have you answered to emails "Your account is due to be closed, please confirm your username and password?" The details about your account be compromised seem fishy, to say the least. The easiest way for the guy to go about it, would be to create an email very similar to yours, and use 1 true email together with 48 edited emails from that account...

Obviously this is all for problems in the short term. In the long term of things, most providers are only require to save IP addresses and usage by law for 2 years at least.

Beware also that some other emails (2 years +), are harder to locate in Gmail inboxes.

I would also not wait for him delivering the emails to the court; he has a vested interested on only delivering them at the last minute. Ask through the court for a list of IP addresses, emails and time from google exchanged between your address and the address of the guy.

On the producing of proofs,beware of bureaucracy. In my case, they summoned me for "a simple meeting", and the court did not do the paperwork on the Citius database, they refused to give data about it to my lawyer over the phone, you yourself as non-lawyer cannot have a look at your own process, and I had to send my lawyer to another city for browsing the physical files, and only them we find out they had another type of complaints behing the "meeting", and even had arranged witnesses to give a fake account of the facts.

As other said, try to hire a competent legal aid familiar with this field.