
weird email problem (spam?)  



Hi, I know this is not a "mac" question, but I didn't find any general computing question section, so I've put it here. Sorry if it's not in the right place.

A coworker is having a problem with her email.

She says a couple of her friends receive emails with her name (let's call her Cathy), but from different email addresses than hers. They are signed with another colleague's email address, not hers (let's say [email protected]).

How can this happen? The person who received the email doesn't know Carl and has never received email from him.

I'm guessing that at some point Cathy sent an email to a bunch of people, including her friend and Carl, and that her friend got a virus or something that sucked all contacts from her address book, and now she receives spam with the name Cathy but from different email addresses than hers. The emails contain links that I advised her NOT to click on at any cost.

Since Cathy doesn't want her friends to have problems with those emails, and she's convinced it's HER fault, how can she fix this?

We are using Google for business for our email. There is another person in our company who had this problem but is no longer with us, and her email is no longer valid. I'm thinking the breach happened a while back (like 5 years). I'm not sure what to do next besides telling her friend to be careful and check that it's the right address when she receives email from Cathy.

What do you guys think?


2 Answers

Email headers can be easily faked. So if a spammer has any information on you, they can fake up any email headers they want, and put in the body of the email anything they want.

About the only thing you can depend on is that the very beginning of the raw headers has to come from somewhere real, but for verifying friends that is not really useful.  Looking at the raw headers mostly tells you if it really did come from an Apple server, or name your major corporate sender of email.  But individuals can be using any email server as an origin, including the same one the spammer is using.

Have "Cathy" change the email server password for all the different email accounts she might own.

This just assumes they got into her email server account. But as far as the data they already have, that is a case of closing the barn door after the cows have gotten out.

I don't think they even went this far, it's just that they use her name, but with a different email address. The receiver just has to watch for the email address and she'll be fine, but at this point, her friend doesn't even want to open her email because of fear of getting hacked or something. "Cathy" is not very tech savvy, and her friend isn't either, I guess.

I suggested to just edit the name of Cathy in her contacts so that when the real Cathy writes, she should see the edited name and not the old one that the spammers have. Hopefully.


Nothing much can be done with this, as once the spammers have created their database entries that create links between disparate names & email addresses (e.g. by capturing the address book of a friend of a friend) they will mix and match in various ways to try and come up with a combination that dupes the recipient into thinking the email is real.

It may well be that at no point has Cathy or her data been seen or touched by the spammers and she also has no control over what they do with their database entries.

I tell my clients that the information in an email header can be easily faked so don't treat it as a measure of whether an email can be trusted. (I emphasise this by noting that it would take me less than 5 minutes to set up to send an email to them that looked like it had come from themselves.) And I reiterate to treat any unexpected email with caution - most particularly if it contains any links. And that they should tell their friends/contacts the same thing.
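As an added example (not part of the original thread or written by any poster), here is one way a recipient could triage such messages in Python: flag a familiar display name on an unfamiliar address, and trust only the Authentication-Results header stamped by her own mail server, since every other header can be written by the sender. The contact list, the server name `mx.recipient.example`, and all three sample messages are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed values: the recipient's address book and the name her own mail server stamps.
KNOWN_CONTACTS = {"cathy example": "cathy@example.com"}
TRUSTED_AUTHSERV = "mx.recipient.example"

def check_sender(raw, contacts=KNOWN_CONTACTS, trusted=TRUSTED_AUTHSERV):
    """Return a list of warnings for one raw message (empty list = nothing flagged)."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    # A familiar display name on an address we do not have on file for that person.
    expected = contacts.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")
    # Only the Authentication-Results header added by our own server counts;
    # a copy carrying any other server name could have been written by the sender.
    dmarc = None
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() == trusted:
            match = re.search(r"\bdmarc=(\w+)", results)
            dmarc = match.group(1).lower() if match else None
            break
    if dmarc != "pass":
        findings.append("dmarc-not-pass")
    return findings

# Constructed sample messages (not taken from the thread).
SPOOFED = (
    "Authentication-Results: mx.recipient.example; spf=pass; dmarc=pass header.from=other.example\n"
    'From: "Cathy Example" <carl@other.example>\n'
    "Subject: check this out\n\nhttp://link.invalid/\n"
)
GENUINE = (
    "Authentication-Results: mx.recipient.example; dkim=pass; dmarc=pass header.from=example.com\n"
    "From: Cathy Example <cathy@example.com>\n"
    "Subject: lunch?\n\nSee you at noon.\n"
)
UNVERIFIED = (
    "Authentication-Results: mx.elsewhere.example; dmarc=pass header.from=example.com\n"
    "From: Cathy Example <cathy@example.com>\n"
    "Subject: invoice\n\nPlease review.\n"
)

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("unverified", UNVERIFIED)]:
        print(label, check_sender(raw))
```

The spoofed sample passes DMARC for the domain it was really sent from, which is why the display-name comparison is needed in addition to the authentication result.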