[FARC] Hijacked or Spoofed?

[Philip Karras]

All, Just a heads up but sometimes an email account is not compromised, hijacked, it is just that someone's email address is being used in the From address line, it is a spoof attack.

This happened to me years ago while I was working on a bulk email program in Perl. I needed a this program for two uses, a ham radio newsletter for the Carroll county club and for a church organization.

I received only one email from someone getting very annoyed at "my" sending him all sorts of junk email and he put my address in his block section & told me off.

I explained that I was not the spammer and that anybody's email address can be put in the From line, if you have an email program that allows such a thing. And, I just happened to have a program that allowed me to do just that - my bulk email program where I could put in a from address depending on which bulk email list I was sending to - and so, I sent him this email using his very own email address.

The one thing to do is to change your email account password and see if that stops the spammer and the numerous bad email addressed emails that come back to your account. If you cannot change your password it definitely means that not only did someone use you email account they actually hijacked it and changed the password! More common is that you'll notice no more email "bouncing" back to your account which also means that someone did hijack the account but didn't change the password and you're now fine.

If changing your password doesn't stop the outgoing email it is because your email account has not been hijacked, it is only being spoofed. Someone is using your email address in the from address line and there isn't anything you can do about it except wait it out, which is what I did & it stopped after about a month's time.

Why does waiting work? Because most people being spammed put your address in their "blocked" list and since the spammer wants to get to as many people as possible they then use another email address in the from line which hasn't yet been blocked. The best thing you can do for your friends is to let us know what's going on & to ignore all email seemingly coming from you except those email that start with"???" some word or words before the real subject of the email.

In my case I didn't have to send my friends anything since the bulk email list that was being used did not include many if any of the people in my email lists. Also, this case is interesting  because they aren't even using Jim's email list, they only need to know of our bulk email account,  farc at mailman.... in order to send to all of us on that list.

Now there's a really nasty way of spamming! Don't bother getting email addresses of people, get the email addresses of bulk accounts like ours! These account are kept up pretty well and old email addresses are dropped from them pretty quickly, which means the spammer has a known real audience!

I written about this before and explained it to many people who have asked me and in the present issue, June 2012, of PCWorld there is an article on the same subject, page 35 "Security Alert" "Help! Spammers Hijacked My Email Account" if you want to read/learn even more.

73 de ke3fl,
Phil