Generally the emails sent out contain nothing but a link; but when the recipient clicks on the link they are taken to a rogue web site that infects their computer with malware. The end result: their computer is loaded with software that steals confidential information or turns it into a zombie that joins the ranks of thousands of other mindless machines that do the bidding of their command and control servers.
What happens in this particular instance is that at some time, you downloaded a piece of malware that recorded your email provider, the username and the password. Once the account credentials were compromised, spammers were free to use your account at will to send more malicious emails out to unsuspecting victims. Victims who trust that the messages you are sending to them are safe.
Research also shows that all email providers are susceptible to this. According to Amir Lev, Commtouch’s chief technology officer:
“Commtouch’s poll reveals that more than two-thirds of all compromised accounts are used to send spam and scams. This is not surprising, as cybercriminals can improve their email delivery rates by sending from trusted domains such as Gmail, Yahoo, and Hotmail, and enhance their open and click-through rates by sending from familiar senders.”
Respondents to the poll revealed that 27 percent of all Yahoo! email users had fallen victim to this type of attack. Nineteen percent of Google mail users were found to have fallen victim and 15 percent of Windows Live accounts were used to spew spam. But honestly, anyone using email these days knows that the numbers are likely much higher because it seems that almost everyone knows multiple people who have had this happen to them.
But you can protect your email, and your friends. You just have to take the right steps.
I don’t want to be a spammer!
The cycle starts when your computer is infected with credential stealing malware. The easiest way to prevent your email from being compromised is to keep malware off your computer.
To do this you need to make sure you are doing the following:
- Running a reputable malware scanner
- Keeping your malware definitions up to date
- Using a browser, or add on, that warns you if a web site may be serving malware
- Not clicking on untrusted or unknown links in your email or social networking communications
Of course, you need to run your anti-malware software. Even if it means you have to wait a little bit or that your computer may slow down. It is extremely important that you do not put off your scan until next time. If you don’t use the software, you may as well have never bought it.
I just found out I am a spammer! What should I do?
If your email is sending out spam you likely found out one of two ways. You noticed a bunch of undeliverable warnings in your inbox or you received a bunch of emails from your friends telling you your email was “hacked”. Either way, you are going to have to deal with the embarrassment of this situation so the only thing you can do is get if fixed before you irritate more friends, family and co-workers.
Start by changing your password to something generic. This will stop the outgoing flow of spammy emails, but it won’t solve the problem.
Next, you need to immediately update your anti-malware software and run a full scan. This could take some time but it’s the only way.
Make sure to follow the instructions to clean any malware that may be found on your machine. Then, when you are confident that there is no lingering malware, log into your email and change your password again. This time, it should be a strong password; not something generic.
Once you have addressed the problem, sit back and relax. Apologize to your friends knowing that it may only be a matter of time before their email is sending you spam.
Of course when you get one of these emails in your inbox, you won’t be clicking on the link will you?