So a friend tells you that you’re sending spammy-looking emails out. But it can’t be–you had no idea. You even check your sent email folder to see if you’re crazy, but all the emails look familiar. You respond bewildered to your friend, not knowing what to do. Have I been hacked??
The first thing to do is stay calm! Part of the scam here is to get people worried and scared that everything on their computer has been stolen, which is terribly unlikely. It’s most likely that this message was spoofed with your name and/or email but that your email wasn’t hacked.
If you think your computer has been hacked, but no-one has contacted you about a strange email, start at step 5.
Let’s do some discovery. Then figure out how to get cleaned up!
1. The first thing to do is to get a copy of the email “headers.” This is the code sent through the servers that contain an email. The headers are found by different means in each email client.
In Apple, click View —> Message —> Raw Source
In most Outlook versions, open the email in a new window, click File —> Properties
In Gmail, Click the down arrow, then click Show Original
All headers read from newest to oldest, so the top being the latest messages and the bottom being the originating headers. So look towards the bottom of the header and search up for the first instance of these:
“Received From: example1.com” and this server is who really sent the message
Look for the next “by: example2.com” to see who then received the message
X-Mailer is the device used to send the message.
You can also look for the line “DKIM-Signature” and find the d=somedomain.com. This is a third party sending an email but is authorized by somedomain.com.
*A more simple solution is to paste the header into Google’s Header Check at https://toolbox.googleapps.com/apps/messageheader/ and confirm the servers used match the real sender
If example1.com matches the From name domain, then this verifies this email as legitimate. If you notice that the example1.com is somewhere located in India or Belgium, completely different than the sender, it’s fair to say that this was a spoofed email.
If you’ve been spoofed, then it’s time to tell your friend that he/she should run their virus and malware scanner and add that sender to their blocked list (since it really isn’t you). In this case, that’s all. Spoofing happens all the time and there’s little you can do to prevent it. You haven’t been hacked, nothing has been stolen. No need to proceed to #2.
But, if your discovery from above shows the email to be legitimate, then someone is likely sending email on your behalf. This changes things. If you determine someone is sending emails on your behalf (or you aren’t sure), then you should take some action. Go on to #2.
2. Change your email password(s) and security questions immediately. If you have a lot of sensitive information on them, consider enabling 2-factor authentication. If your email has been blocked or you can’t log in, Use the recovery methods provided by the email company. Check your contacts list to make sure it’s still there.
3. Notify your friends that you’re account has probably been hacked and to not open any strange emails from you, especially attachments.
4. Virus Scans. Run your Antivirus Scanner in “Full Scan” mode. This will take a while, but you need to do this. Consider running a full Virus scan on your other computers to make sure nothing has spread.
What Virus Scan? Use whatever virus scan you have installed or consider switching to Kaspersky or Avast, which have the top ratings in 2018, if you think it’s not finding the virus. The best FREE antivirus is Avast, rated by Toms Guide and PC Magazine.
Free vs. Paid? Well, under normal conditions I recommend using free virus scanners. They usually take less resources and don’t bog the computer down when running a scan. However, these are circumstances I’d recommend a paid service:
- You have kids (or you) like to click on a lot of things, not always knowing if it’s safe.
- Your computer stores a lot of sensitive information.
- You want to “set it and forget it” and don’t mind paying for it.
- You think you may have been hacked big time! Now’s probably the time to pony-up.
5. Run a good malware scanner. Malwarebytes.com has a free one. For serious hacks, consider paying for a virus and malware scanner combo. Avast has a very reputable one this year.
6. Make a backup of your computer. Everyone should have a backup! Google “creating an ‘Image’ of your hard drive.” Keep this backup in case things get worse.
7. Contact Credit Agencies. Depending on how much sensitive information is stored un-encrypted on your computer (ie. bank info, social security numbers), consider contacting the credit agencies to see if anything has been run through your credit. Change banking and other sensitive website accounts you use online. If you don’t save a lot of this type of information, you can skip the hassle.
8. Run a scan of your Windows Operating Files to be sure your operating system is running correctly. To do this, in the search field, type “Command” without the quotes. Right-click on the Command Program and “Run as Administrator.” On a command line type “sfc /scannow” without the quotes.
9. If you can’t access your computer, follow instructions given by LifeWire.
10. Monitor your computer! If, after trying all of the above steps, it’s slow, freezes, restarts on its own, the next step is to reinstall Windows. But that’s for another article!
Feel free to reach out to us if you need any help. We offer free consultations by phone or through the help desk. Happy computing!