Occasionally get bogus email using names in my address book.

mjslakeridge

Distinguished
Over the last few months, I have gotten emails sent to my free Juno email account that appear to be from people in my address book, but when I look at the full header, the real sender is a different person. They usually contain a link (which I know not to click on), although a while back I did click on an attachment I thought was from my sister who sends me things from time to time and it contained a virus.

Luckily I clone my OS drive and was able to restore from the image and get rid of the virus.

Does this mean that someone has gained access to my email address book? I recently changed the password, but got one of the "fake" emails just today. And it had the name of someone I do email back and forth from time to time, (but not his normal email addess). The message title looked odd, so I looked at the full header and deleted the email since it was not from the person purported to be the sender.
 
Happens to me from time to time.

Generally the address (my email address) was taken from an older family member's address book and the correspondence was made to appear as if that person sent the email. In another case, they seem to have figured out the name of a relative and use that name but the domain name is different. Quite often the email is flagged as something being forwarded to me versus a direct email.

My rule of thumb is to not open any unexpected emails and I also know how the family members present/use the subject lines. If unsure, I just sent them a new email asking if they happened to forward something to me. If not, I can tell them that someone is masquerading as them and sending out things.

Another family member is in a group with many senior citizens. Unfortunately they are all too often "hacked" and bogus emails are sent out via their names and domain.

Once your email address is "out there" it is sold and resold. Various groups will try to use it for scamming purposes.

Best defense is to keep doing what you are doing....
 

mjslakeridge

Distinguished
Glad to hear I am not the only one who this has happened to. In this case I am the "older family member", but generally very careful about my internet habits. I could very easily have clicked on the attachment I received from a "friend" yesterday, because he is a member of a band I have been recording songs for and send them out rough mixes via email. Then in a day or so, they reply back with comments or suggestions for the next mix, or parts they want to overdub.

A couple of years ago, someone hacked into my Facebook account (I had a weak password) and tried to pull the "I am in London and just got robbed and I need you to send me some money via Western Union" scam. They sent the message to an older person in my Facebook contacts list (early 60's), I assume because they thought that person would have more money on hand than my younger nieces, etc. Luckily that person got my work phone number from my sister and called me while he was still messaging back and forth with the scammer. He asked "Are you in London?". I said no I am here in Houston (I did travel to London for work back then so it was plausible). So I logged into my Facebook account and could follow the conversation between the scammer and my cousin's husband while he played along with the scammer. Finally the scammer realized he was being jerked around and ended the conversation.
 

bicycle_repair_man

Honorable
Jan 10, 2014
85
0
10,660
In all likelihood, someone you know has had their account hacked. If your account had been hacked then the emails would have been sent from you. Once an account has been hacked it's entirely possible to have access to every email address that account has sent and received email from, even if that email address isn't in the account's address book.

Nice one for jerking around the scammer, I like to play stupid and infuriate them. :D
 

mjslakeridge

Distinguished
Also in the past 12 months or so, I have gotten phone calls from the "Windows security team" or a similar name, informing me that they have been monitoring my computer and that I have a serious virus. The first time it happened I told them I was on a Mac (not true) so they didn't know how to respond and just hung up. Several days later someone called again with the same scam and I told them I have the latest anti-virus software provided by the U.S. National Security Agency as part of my job (also not true), so they hung up pretty quickly.

I guess what I don't understand fully is how they get the email to look like it is coming from someone in my address book that I have recently corresponded with. For example, the one the other day came from Roger XXXX @ some other email address.com, whereas my friend is Roger XXXX @Gmail.com.
 
Pretty easy to generate an "address book" of names by just concatenating various first and last names. Then likewise attaching common email domain names. Especially if there is already some sort of list/database/spreadsheet available. All random shots once the "email list" is created.

I originally messed with those folks quite a bit. However, I got more and more calls (pre Nomorobo days) as my number was flagged as "live" or "active" or some other such indicator that just drew more calls.

Nomorobo works very well but I am discovering that "Credit Card Services" is now getting through to the answering machine. And some calls will not delete until I listen to entire message. Or they seem to leave a very loud tone instead of a message after hanging up.
 

mjslakeridge

Distinguished
Haven't gotten any calls from "Credit Card Services" yet, but I suppose that will be next. A few months ago, I got a few calls going thru to my answering machine from the "Internal Revenue Agency" or something similar informing me that sheriff's deputies would be dispatched to my address withing 24 hours if I did not call back immediately. These calls were all in the form of a recording rather than a live person. I guess if they can get even 1 out of 10,000 people to respond, it is worth their effort. I rarely answer my land line unless I recognize the phone number. A lot of the calls are blocking their caller ID info, and on my end it will show up as "out of area" even though the area code is local.