Everybody hates spam. At best, it’s irritating and wastes a few seconds of your time; more severe cases can approach phishing and pose a danger to anyone who interacts with the illegitimate messages. We’ve all probably gotten an email advertising hot singles in our area or how to make a pile of cash overnight, but when your account is the one sending the spam, it’s a different situation.
It’s important to be aware of the signs that someone has been tampering with your email account, and what actions to take should you encounter a problem. Let’s make sure you know how to do both of these, and then wrap up with how to prevent this garbage from happening in the first place.
Evidence Your Account is Compromised
Unfortunately, when your email account has been attacked, the signs won’t always manifest themselves in the same way. However, this doesn’t mean that you won’t have a clue what’s going on. If you observe some of these symptoms, you need to take action.
Something’s up With Your Sent Folder
Most of us don’t check the Sent folder of email as much as we obsess over Inbox Zero, but it’s a good idea to keep an eye on what’s leaving your email, too. Scan the subject lines, and if anything looks shady, take a closer look. Of course, a clean Sent folder doesn’t rule out foul play: a spammer could easily have deleted the messages to cover his tracks.
Nonsense Found in Recent Activity
Most email providers have a page that allows you to view where your account has been touched lately. Take a glance at this page once a month or so and if you see access from devices you don’t own or from countries that you’re not even close to, that’s a strong sign someone else has gotten into your email.
For Gmail users, Google Dashboard carries all of your info for various Google services. At the top, under Account, you can see what devices and locations your account has been accessed from in the last month. Scroll down to Gmail and you can view how many messages have been sent, as well as the most recent one. If this number is through the roof, it’s likely a bot spamming.
You Aren’t Getting Email
It’s not as common, but if your account is under hostile control, you might not be receiving emails that you’re expecting (not including another one of those endless newsletters!). Should you suspect this, a good test is to have a friend send you an email to make sure it goes through. For good measure, reply to them to be sure your email isn’t being modified or having an unwanted signature added to it.
This is an obvious point, but it really depends on who’s in your contact book, since they’ll likely be the ones on the butt end of the spam. Hopefully, if you regularly email funny pictures and stories or have deep conversations with your friends over email, they’ll know it wasn’t your hand that sent that “hey click here to lose weight” junk – they can let you know so the problem doesn’t go on for weeks.
Having less tech-savvy users in your address book can be a problem, as they’re more susceptible to falling for thieves asking for money impersonating you. It might be worth having a conversation with them if you haven’t already.
Shutting Down the Problem
First, let’s review the common causes of a compromised email spreading out spam. A weak password is a common culprit; if you’re using an easy-to-guess password, you need to replace it immediately with a rock-solid one you can remember. If you frequently use public computers, know how to stay safe on public machines so you don’t accidentally share your login details. When you’re the one receiving the spam, never click on a strange hyperlink and never enter your email password without being sure it’s the real site.
Now, let’s take a look at how you can stop your email from being used as a spam-producing factory.
Change Your Password
The first thing you should do any time you suspect a breach of your account is to change your password. An intruder could be sitting dormant, so time is of the essence once you discover what’s up. Reading our password management guide can help iron out any questions you might have. Changing your password ensures they’re blocked out in the future, but you still need to do a bit more.
Scan for Malware
At this point it’s not certain if the spam originated on your computer or from someone else, so it’s wise to run a scan to make sure you don’t have an infection on your system. Check out our resources for removing malware – using Malwarebytes or SUPERAntiSpyware (which we’ve covered in-depth) should get the job done. If you discover something particularly nasty, go through the steps to take when you find malware before moving on with your email problem.
It’s also wise to check for browser infections at this point – we’ve looked at how to clean up Chrome, and no matter what browser you’re using, you can defeat pop-up ads and clean your extensions in the process. Change your password again if you find evidence of keyloggers on your system; you wouldn’t want to hand over your new password to malware!
Check the Spam’s IP Address
Now it’s time to find out how the spam email came into being. There are two likely options: either someone got into your account by stealing your password, phishing, or some other means, or the email never actually touched your account and it was simply spoofed to make it look like it was coming from you. In case of the second scenario, you can trace emails back to their source and see through the trickery. We’ll illustrate how to do this in Gmail, but the process will be similar for other mail clients.
On any email (have someone who received the spam forward it to you if you don’t have a copy), simply click the little arrow to the right of the Reply button to show all options and choose View Original. Here you can see all the technical details of the email (it’s unfortunate, but the view we’re accustomed to can be easily faked).
Look for Received: from near the top of all this text; that’s the IP address that the message originated from. You can trace its journey down the list until it hits your address. Put the IP into an information site like IP-Lookup to see where it’s from and who owns the address. If the address seems totally random, it’s likely it was used as a forgery for the explicit purpose of spamming.
In this case, we see that Ryan’s email originated from Google’s mail server, which checks out because he was using Gmail. If this were spam, we’ve already looked at the steps to find out what happened – a strange IP address in your account history means someone actually signed into your account from their IP address. Finding that your email is being forwarded to a strange address or remembering that you clicked a shady link probably means your email is being spoofed.
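As an added example (not part of the original article), the header trace described above can be done in a few lines of Python over the text that View Original shows. Each mail server prepends its own Received header, so the raw text lists hops newest first and the code reverses it; the message, host names and documentation-range IP addresses below are constructed sample data.

```python
import ipaddress
import re
from email import message_from_string

# Constructed "View Original" text; hosts are made up and the 198.51.100.x /
# 203.0.113.x documentation addresses stand in for public IPs.
RAW = """\
Delivered-To: you@example.com
Received: by mx.example.com with SMTP id a1; Mon, 6 Jan 2025 10:00:03 -0800
Received: from mail.relay.example (mail.relay.example [198.51.100.25])
\tby mx.example.com with ESMTPS id b2; Mon, 6 Jan 2025 10:00:02 -0800
Received: from sender-pc (unknown [203.0.113.77])
\tby mail.relay.example with ESMTPA id c3; Mon, 6 Jan 2025 18:00:01 +0000
Received: from localhost (localhost [127.0.0.1])
\tby sender-pc with SMTP id d4; Mon, 6 Jan 2025 18:00:00 +0000
From: You <you@example.com>
Subject: hey click here to lose weight
"""

# Address ranges that never identify a sender on the public internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]
HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\sby\s+(\S+)")


def trace_hops(raw):
    """Return (from_host, ip, by_host) per hop, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its header, so reverse to read in travel order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if m:  # headers without a "from ... [ip]" part are skipped
            hops.append((m.group(1), m.group(2), m.group(3)))
    return hops


def first_external_ip(hops):
    """Earliest hop address that is not loopback, private or link-local."""
    for _host, ip, _by in hops:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in INTERNAL):
            return ip
    return None


if __name__ == "__main__":
    print(trace_hops(RAW), first_external_ip(trace_hops(RAW)))
```

Only the Received lines added by servers you trust (your own provider's, at the top of the raw text) are reliable; anything below them was supplied by the sending side and can be forged, so treat the address this returns as a lead to look up, not proof.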
Check to Ensure Everything Else is in Order
Now that you’ve identified and shut down the issue, let’s make sure no traces remain. You’ll want to check areas such as your signature and forwarding rules to be sure that nobody set up a filter to send all of your email to their own address, for example. To double-check, send an email to one of your contacts and have them forward it back to you, or send to another address you have to make sure everything is clean.
In addition, take this chance to make sure your account info is up-to-date. Do you have an old phone number or dead email address registered as an emergency contact? Make sure you have ways to get into your account if it were to be attacked again. Review the apps that are allowed to access your account (anywhere you’ve signed in with your Google account, for instance) and be certain none of them are abusing privileges.
Notify Your Contacts
Finally, you’ll want to send a courtesy email to your contacts letting them know your account was compromised and that you’ve got things under control again. Perhaps you could even ask them to let you know in the future (by other means, such as Facebook message or call, would be best) if the problem comes up again. Hopefully your friends know how to spot fraud emails and don’t fall for any spam that comes their way, but it’s best to warn them just in case.
Let’s Never do This Again
Thankfully, once you’ve cleaned up this mess it doesn’t have to happen again. Many of the things you’ve done above, such as using a better password, will help protect your account in the future. Going the extra mile is smart in this case; try using two-factor authentication on major websites that support it. Another good plan is to set up an alternate, permanent email address and add it to the contacts list of your primary email. That way, if you ever start churning out spam again, your secondary email will receive a copy and you’ll know right away.
Above all, be vigilant. You have a responsibility to keep your accounts free of infection, in this case due to the very real threat of sending malicious links to your friends. Even if you haven’t experienced this problem, take the time to use the steps here to perform a little email security audit (Google has even more tips) and be sure you’re doing your part to protect against spam. Too many people aren’t and it’s why these problems persist.
Has your email account ever spewed out spam? Have you ever fallen for a friend’s account sending you a malicious link? Share your stories and tips in the comments!