weird email problem (spam?)
Hi, I know this is not a "mac" question but didn't find any general computing question section I've put it here. Sorry if it's not at the right place.
A coworker is having problem with her email.
She says a couple of her friends receive email with her name (let's call her Cathy), but from different email adresses then hers. They are signed with another colleague's email adresse, not hers (let say firstname.lastname@example.org).
How can this happen? The person who received the email doesn't know Carl and has never received email from him.
I'm guessing that at some point Cathy sent an email to a bunch of people, including her friend and Carl and that her friend got a virus or something that sucked all contacts from her address book and now she receives spam with the name Cathy but from different email adresses then hers. The email contain links that I advised her NOT to click on at any cost.
Since Cathy doesn't want her friends to have problem with those email, and she's convinced it's HER fault, how can she fix this?
We are using Google for business for our email. There is another person in our company who had this problem but is no longer with us and the her email is no longer valid. I'm thinking the breach happened a while back (like 5 years). I'm not sure what to do next besides to tell her friend to be careful and check that it's the right address when she receives email from Cathy.
What do you guys think?
Nothing much can be done with this as once the spammers have created their database entries that create links between disparate names & email addresses (eg. by capturing the address book of a friend of a friend) they will mix and match in various ways to try and come up with a combination that dupes the recipient into thinking the email is real.
It may well be that at no point has Cathy or her data been seen or touched by the spammers and she also has no control over what they do with their database entries.
I tell my clients that the information in an email header can be easily faked so don't treat it as a measure of whether an email can be trusted. (I emphasise this by noting that it would take me less than 5 minutes to set up to send an email to them that looked like it had come from themselves.) And I reiterate to treat any unexpected email with caution - most particularly if it contains any links. And that they should tell their friends/contacts the same thing.