20

I've recently received two spam messages that show a possibly worrying degree of knowledge about my contacts, and I'm wondering how concerned I should be.

Specifically, the names -- but not the email addresses -- that they appear to come from are family members. They share the same last name as me, but it doesn't appear to be random name guessing -- the only two messages I've received with a sender sharing my last name are real first names of family members (no "misses"). Edit: one of the names is fairly common; the other is pretty rare (didn't rank higher than #428 on http://www.ssa.gov/oact/babynames/), and can be easily discovered by visiting the website linked in my profile.

The messages were addressed to an older email account that I no longer use, but that's still set up to forward to my current address. This older email address does show up in various google searches alongside my name, but neither of these other two names as far as I can tell.

Given the above, how concerned should I be that my account has been breached -- as opposed to an account belonging to some third party who knows both me and these two family members, and still has my old address in their contact list?

Edit 2: I've had 2-factor authentication enabled on my main email (gmail) for some time before this spam began arriving, with no known loss of control of my phone, backup codes, etc. I will also enable it for Facebook now that that's become available.

Matt McHenry
  • Can we ask what the names are? 'Cause if it's something super generic like 'Tim Smith' then it might just be a case of sheer luck? – NULLZ Apr 18 '13 at 02:57
  • 1
    If I were you, I would change all my e-mail passwords (add 2 factor auth if it is supported). Then see if it continues. If it does, you may be the target of a targeted attack, or they could have a keylogger installed on your computer, but it could also still be just random spam. Not enough information to say ANYTHING definitively.. –  Apr 18 '13 at 03:03
  • Three other possibilities: 1. A friend who has (or had) an infected computer and had his address book taken. 2. An old computer of yours that wasn't wiped that a new person is now using that got infected. 3. Something unrelated to email that might know your email address and contacts list and is public such as Facebook or the MSN Messenger or Skype directory. – Ladadadada Apr 18 '13 at 06:50

2 Answers

13

I have noticed SPAM which meets this description, and which I infer is the result of address book compromises of people who have me in their contacts. For half a dozen of my acquaintances, I began receiving SPAM with the following characteristics:

  1. My friend's name ("JOHN WAYNE") in the From: field, but with a different actual email address, often at yahoo.com ("rikhanis@yahoo.com")
  2. Subject is my first name, or some simple variation ("GREG", "FOR GREG")
  3. From, To, and Subject often all caps
  4. One-line SPAM with links:

    greg, hey. look what I found! http://www.BAD.kr/bbs/data/bearangerchristophergordon/

    GREG, HI. YOU NEED TO VISIT THIS http://www.BAD.com/babyelementmarkphillips/

    hey greg http://BAD.net/diagramcyclingtimothymurphy/

None of the friends who were named in these messages could find anything with antivirus... but none of them were technically competent, either. However, given the ongoing repetition of SPAM with their names but different email addresses, I'm concluding their address book got compromised and the spambots are using that to tailor the SPAM.

gowenfawr
  • 7
    Usually it's not the people whose names are in the emails that are compromised. It's some *other* acquaintance of you both. – Stephen Touset Apr 02 '14 at 01:16
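
The traits listed in the answer above, written as a header check (an added example, not part of the original answer). The address book, the recipient's first name and both sample messages are constructed; the spam sample reuses the sender address and link quoted in the answer.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> addresses known to belong to that contact.
CONTACTS = {"john wayne": {"jwayne@example.org"}}
MY_FIRST_NAME = "greg"  # recipient's first name, as in the answer's samples

def score_message(raw, contacts=CONTACTS, first_name=MY_FIRST_NAME):
    """Return which of the answer's four traits a raw RFC 822 message shows."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = (msg.get("Subject") or "").strip()
    hits = []
    # 1. Display name of a known contact, but an address we have never seen for them.
    known = contacts.get(" ".join(name.lower().split()))
    if known is not None and addr.lower() not in known:
        hits.append("known-name-unknown-address")
    # 2. Subject is the recipient's first name or a short variation of it.
    words = subject.lower().split()
    if first_name in words and len(words) <= 3:
        hits.append("subject-is-recipient-name")
    # 3. From name and Subject both in capitals.
    if subject.isupper() and name.isupper():
        hits.append("all-caps-headers")
    # 4. Body is a single line that carries a link.
    body = "" if msg.is_multipart() else msg.get_payload()
    lines = [l for l in body.splitlines() if l.strip()]
    if len(lines) == 1 and re.search(r"https?://", lines[0]):
        hits.append("one-line-link-body")
    return hits

# Constructed samples.
SPAM = (
    'From: "JOHN WAYNE" <rikhanis@yahoo.com>\n'
    "To: GREG <greg@example.com>\n"
    "Subject: FOR GREG\n\n"
    "GREG, HI. YOU NEED TO VISIT THIS http://www.BAD.com/babyelementmarkphillips/\n"
)
LEGIT = (
    "From: John Wayne <jwayne@example.org>\n"
    "To: greg@example.com\n"
    "Subject: Lunch on Friday?\n\n"
    "Are you free at noon?\n"
)

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("legit", LEGIT)):
        print(label, score_message(raw))
```

The first trait is the one that carries the signal: a message from a contact's real address never trips it, so it separates display-name spoofing from mail actually sent through a compromised account.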
8

There are some pieces of information here that tell me that your accounts have most likely not been breached, and that while this appears to be targeted at you it's most likely automated from what can easily be found publicly with simple searches or Facebook:

  1. The messages are being sent to an old email account: If you were being targeted by someone, they would be using your current email address
  2. The spam does not use the email addresses of your family members: If your account had been breached, the attackers would be using authentic email addresses, not made-up ones. Made-up email addresses arouse suspicion and may trigger filters; an attacker would use real ones if they were available
  3. People's accounts rarely get breached to attack the account holder; they get breached so the attackers can pull their contact lists in order to attack the people they know. If your account had been hacked, your friends and family would almost certainly be receiving spam messages purporting to be from you

Put all that together and it's very unlikely your account has been hacked; more likely you're just being sent spam by some bot that has a few names of connections from social networking sites. You should change your passwords just to be safe, of course.

GdD