Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

A Weird Email From A Friend…

Another great question from a reader..

Q:Tech Paul,

I need your input on something.  I have received two emails from someone I knew very briefly last year and have not seen for several months, so it was an email out of the blue so to speak.  He addressed me by name, but the message was conveying a link I should check out about making money.  (get rich scheme), etc. I cut and pasted the weblink into my browser and checked it out.  It was some news story on some pyramid get rich scheme.  I didn’t think anything of it really and left the site and deleted the email.  I got another email last night from the same guy.  This time I replied telling him not to email me because I wasn’t interested.  Now I just got a message from him again saying:

‘Its not me. I’m sorry you’ve received these. Others have as well. Don’t know where they’re coming from ‘

What do you think Paul?  Has someone stolen his email address (is that possible to send email out to people using someone elses email address)?  Since I replied to the sender, has that put my email in jeopardy?

A: It is quite easy to “spoof” (basically, put in what ever you want) the Sender in e-mail. So, my experience tells me one of two things has happened: (with the latter being the most likely)
1) some spambot, somewhere out there in the void, is mass mailing, and using legit email addresses as the Sender.. this time your friend’s (harvested early and exchanged between scammers/spammers) address.
2) Your friend’s PC has been infected, and IS that spambot.
Do not open that email and click “Reply”.. start a new email to him, and tell him his machine is quite likely under someone else’s spell. Direct him to Trend Micro’s online virus scanner, “Housecall”, and tell him to run a full scan. If it finds anything.. he probably should contract a pro for a more complete malware removal ‘cleaning’.

As for your email.. it is (most likely) not “at risk” (say, of hijacking) but, yes.. some scammer/spammer probably now has you on their list of “valid” (active+real person) emails. Which usually simply means you will be included in their mailing runs (aka — you’ll get more spam).

BTW… whenever you suspect the possibly of something .. um, “shady” occurring (or, perhaps, your antivirus says it detected and prevented something serious [and not just a tracking cookie]) it is, well, “smart policy” to change your login passwords.

These badguys are reaping such large harvests, they don’t always use your stolen info right away (should they gain it). So my further reco to you is to change your email’s login password, and advise your friend to (if he is infected, and I suspect he is: use another computer to, or .. after he gets his cleaned by a pro) change ALL of his online passwords. Starting with his bank…

Related: A quick word on passwords:
Strong passwords should be “complex”. That means that they should contain both upper and lower-case letters, special characters (!@#$%^&*(){}[]) and numbers, and be at least eight characters long, and – most definitely – not be a word found in the dictionary (or a name). Your passwords (notice the plural. It is not wise to use the same password for everything.) will be easier to remember if you make them into a ‘passphrase’. An equestrian might use a passphrase of 1Lu^h0rsez, for example.

123456 is not a good password.

Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.

>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<

January 21, 2011 Posted by | computers, cyber crime, e-mail, Internet, security | , , , , | 4 Comments