My Yahoo account shows no suspicious activity, only log-ins from my desktop and 2 of my devices. But a friend was spammed twice within a short time today from my email address. I use Yahoo's Account Key system, so there is no password to change. Should I be concerned about this? And what likely happened? Nobody else has reported getting spammed by me, so far at least. Thanks!
-
6it is trivial for someone to set the "from" address as anyone's address - it's possible that your friend's account got hacked, and the attacker is using sources from their own address book to set the "from" address. There are lots of possibilities that could have enabled this to occur. – schroeder Mar 31 '17 at 09:19
1 Answers
As mentioned by @schroeder, it is easy to fake the sender address when sending an email. Because of this, the value of a stolen account is not the address itself but its contacts.
The value in sending spam with a faked origin is to make mail seem to come from a trusted origin. By stealing your contact list and/or the list of people you have emailed, spammers are able to send everyone you know messages with your name on it. You might not trust an email from money@freemoney.biz but would you trust a hair product recommendation from your wife (or more precisely her email)? Often, the answer is yes.
If you are wondering if your account was compromised, ask your friends. If your account was hacked, they'd probably notice the recent increase of spammy emails with your name on it.
In addition, you can return the favor by telling your friends if you suspect that they've been hacked. While I don't suggest doing this by emailing them back (since that might alert a spammer that you are receptive), you could casually bring it up in a conversation (your mileage may vary ;)
- 1,121
- 6
- 11