Spammers and scammers hacking e-mail accounts to get addresses

Email spammers and scammers are now breaking into email accounts and collecting known “active” email addresses from people’s address books.

Known ways that spammers are hacking accounts include:

• Guessing a weak password.

• Guessing a known security question so that the password can be changed/reset.

• Sending an email from what looks like the email provider asking to reply to the email and give the email password.*

Once spammers get a hold of email addresses they send spam messages promoting bargain pharmaceutical drugs, software, etc. They forge their email address to appear to come from one of the people in the hacked address book since people are more likely to open an email that appears to come from someone they know.

Another recent scam is to send individual e-mails to everybody in the address book asking for money. The scam usually includes something like “I am on vacation in Europe and lost my passport and cell phone. Please wire me some money so that I can get back home.” Since the e-mail address is forged to look like coming from a known friend, the recipient may believe the e-mail and send money to a scammer.

* Below is an actual e-mail that looks like it’s from Yahoo, in which scammers have been getting Yahoo e-mail account information.

If you get an e-mail from what appears to be someone you know that contains advertisements or asking for money, it’s likely their e-mail address is being forged. Just delete the e-mail. If contacts are telling you that you are sending spam, immediately change your e-mail account password and password retrieval security questions, just in case your account has been hacked.

See Creating secure and memorable passwords.