What to Do if Your Email Account Gets Compromised


10504

Issue:

Your email account has been compromised or "hijacked" and used to send spam.  Signs that your account has been hijacked include receiving a large number of "bounced" emails from random addresses you don't know, or suddenly being unable to log into your account.

Solution:

Detection

We have various methods to detect when accounts have been hijacked.  When a hijacked account is detected, we will be forced to disable the account until control of the account is regained.  Once we confirm the account has been hijacked, we will typically change the password to prevent future unauthorized access, re-enable the account, and contact you as quickly as possible.  It is imperative that you do not change the password back to the original compromised password.

Causes

It is difficult to determine the exact cause of a hijack in any particular case.  However, your password is usually discovered in one of the following ways:

1. Stolen from another website where you use the same password.  Unfortunately, many sites, particularly smaller companies such as local merchants, have gaping security holes.  If you have an account on one of those sites with the same password, someone can steal it and then access your email by knowing your email address.

2. Viruses on a system where you have accessed your email.

3. Checking your email from a public computer that could be infected.

4. Weak passwords (see: Password Requirements)

What to do

1. Make sure your PC is current with OS updates and anti-virus/malware software.  Microsoft has a free virus scanner available at http://windows.microsoft.com/en-US/windows/security-essentials-download.  You should not install more than one virus scanner, but you should also scan your system with at least one other online-based anti-virus product such as http://www.bitdefender.com/scanner/online/free.html.

2. Scan your system with a malware removal tool such as http://www.malwarebytes.org/.

Don't continue until you are sure your PC(s) are clean, or only change your password from a PC you know is updated and clean.

3. Stop using the compromised password.  Change the password on any other accounts or sites where you have used this password, and use a unique password for your email account going forward.

4. Check your email settings to be sure you have SSL enabled; this can help keep your email password secure. (see: How to Setup Your SAGE Email Account on Microsoft Outlook 2010)

More Information:

Why am I getting spam email "from myself" or bounce backs for messages I did not send?

Type: Info | Publish Date: 11/8/2012 12:47:30 PM
Applies To: Other | Last Updated: 9/30/2014 1:30:01 PM
Platform: All | Expiration Date: