SOMEONE IS USING MY EMAIL
ADDRESS - identity theft.
This link is for anyone who has found that their colleagues are getting
email from them which they did not send.
WHY DO THEY DO IT?
Spammers know that if their victim sees an email from someone they know, they
will have a better chance of the victim opening a spam email. Random spam from
random sources has a hit rate of around 1 in 1,000,000 whereas spam from known
sources has a hit rate of less than 1 in 100.
Ultimately this is about spammers attempting to get the victim to open spam.
HOW CAN THEY GET MY EMAIL ADDRESS?
Spammers need a way to find out who the victim is familiar with. They use a
variety of techniques such as:-
When someone sends you a joke email (or any other form of junk mail), there is a
chance the sender is also sending it to several other people at the same time.
All the recipients will be able to see who else has got the email. If one of the
recipients computers has a bug, it can extract the list of email addresses form
the email. The bug can send this list to the spammers. The spammers then have a
list of emails from people who are likely to know each other.
Another technique is for a bug to install itself on an end users computer and
simply read their address book.
HOW CAN THEY GET A BUG ONTO A COMPUTER?
Once again, there are several techniques. One is through legitimate downloads
which carry a payload. Let’s say the victim opens a page on a legitimate website
which has a link to a less legitimate website. The content of this second
website may be dubious. There may be inks to fantastic sounding programs
designed to lure the victim into downloading them.
Another data capture technique is to ‘sniff’ emails running round the internet
or attempts to log into various websites.
If someone uses a daft password, they are asking for trouble as some spammers
can use robots to attempt to crack your password. Some systems such as Hotmail
use unsecured passwords and so may be detected on the internet. Banks use secure
passwords and are extremely difficult to detect on the internet. If an end use,
uses the same password for an un secured system and a secure system, a listener
will be able to attempt to use your unsecured password to access your bank. This
is uncommon. Usually, someone will simply guess your details and transfer money
from your account to theirs.
Once they get your email address and can link it to your colleagues, they add it
to other lists and once they get a certain number, these lists are sold on to
other spammers.