Today, I received an email from a well-meaning friend asking if my email account had been hacked. He forwarded the original email to me, and it was immediately obvious that “Hacking” was not what was happening here. The appropriate word for what was done is “Spoofing”. My name was Spoofed. (http://en.wikipedia.org/wiki/Email_spoofing). To see the email I received, please see the bottom of this post.
What this means is that someone, somewhere got my name and used a bogus email address to send email to my friend – showing my name, but not from my address. This is a very important distinction. Had they used my email address, even with a DIFFERENT name, I would have been “Hacked”. I’d have to change my passwords and worry about my email account’s security. In this case, there’s nothing I can really do, but at least my information is safe.
I’m sure you’ve all seen emails like this. Emails that appear to be from friends, but are promoting something you KNOW your friend wouldn’t promote, or that has some wonky link in it.
If you’re wondering why this happens, there are several possible contributors to the cause:
1) Sending batch emails to dozens of people or strangers and CC’ing all the emails, exposing everyone’s names and addresses to everyone else. This is easily resolved by using BCC (for a tutorial on BCC, please visit my YouTube Channel: http://www.youtube.com/watch?v=1DunBSu6mL0)
2) Using BCC in your emails, but forgetting to remove the dozens of email addresses that had been forwarded to you by others who didn’t know BCC
3) (This seems to me to be the MOST prevalent) Keeping your Contacts (or Address Book) on a free email server – like Gmail, Yahoo, Hotmail, AOL and others. It’s not too hard for a hacker to access your information from there :
http://productforums.google.com/forum/#!topic/gmail/r8AOu5cPpaU
http://security.stackexchange.com/questions/34518/spam-that-comes-from-names-in-my-address-book-but-not-their-email-addresses
To support this idea, I can see that my friend received his email on his gmail account. My name is listed on his gmail account as a contact. The link and actual USED email address have something to do with cars. My friend is very connected with the car business and has likely been tracked as we all are, while doing some of his research.
Some articles blame social media, however I’m not among the people who believe that to be the culprit. My personal name is not listed in full, as used in this email on almost any social sites. In fact, the ONLY place this name is listed in this way is in Google+ (in which Google has endeavored to link everything Google to everything ELSE Google).
So, my suggestion is to stop using Free Email addresses on public sites. Now, I know that’s not going to happen, so here’s the next best thing. Check the email information – and look for the email ADDRESS from which the email was sent. If the listing is as it appears in the screenshot below – IMMEDIATELY delete the email. DO NOT CLICK ANY LINKS! Then, consider removing your friend’s name from a public listing on your free email account, and consider using BCC correctly in emails to protect the names and emails of your friends.
Look at the email address this was sent FROM