Content of the material
What you’re seeing is called “spoofing” (or more correctly “From: spoofing“): sending email appearing as if it’s coming From: someone that it isn’t.
Spammers hide their email’s origin, and do so very effectively. Spoofing is used in almost all spam you see.
And it’s quite easy.
The From: address is meaningless on spam — it tells you absolutely nothing.
There’s nothing in the email protocol requiring that the From: line of a message has anything to do with the message’s true origin. To discover the true origin requires more detailed analysis of email headers (which you normally don’t see), and even then, at best you might be able to get the IP address of the computer sending the email.
And as I’ve discussed ad nauseam, the IP address is pretty much useless to you and me.
That you’re seeing your email address in the From: field of spam shouldn’t alarm you. It might be annoying, but there’s no need to worry about it. You’re already on spammer’s lists to get spam, and they’re using that same list, or variations of it, to select which addresses to use when spoofing.
Currently, there is no effective way to stop them.
What should I do if I receive a phishing email?
If you receive a phishing email to your inbox, here are a few actions you can take:
- Do not open it. In some cases, the act of opening the phishing email may cause you to compromise your security.
- Do not send any funds. Transactions confirmed on the blockchain are irreversible, so if you send funds to a scammer, you wouldn’t be able to retrieve your funds.
- Delete it immediately to prevent yourself from accidentally opening the message in the future.
- Do not download any attachments accompanying the message. Attachments may contain malware such as viruses, worms or spyware.
- Never click links that appear in the message. Links embedded within phishing messages direct you to fraudulent websites.
- Do not reply to the sender. Ignore any requests the sender may solicit and do not call phone numbers provided in the message.
- Report it. Let us know you have been sent a phishing email by writing to us at [email protected]
Why Do Scammers Spoof Your Address?
Scammers send you emails that appear to come from your address for one of two reasons, generally. The first is in the hopes they will bypass your spam protection. If you send yourself an email, you’re likely trying to remember something important and wouldn’t want that message labeled as Spam. So, scammers hope that by using your address, your spam filters won’t notice, and their message will go through. Tools do exist to identify an email sent from a domain other than the one it claims to be from, but your email provider must implement them—and, unfortunately, many don’t.Advertisement
The second reason scammers spoof your email address is to gain a sense of legitimacy. It’s not uncommon for a spoofed email to claim your account is compromised. That “you sent yourself this email” serves as proof of the “hacker’s” access. They might also include a password or phone number pulled from a breached database as further proof.
The scammer usually then claims to have compromising information about you or pictures taken from your webcam. He then threatens to release the data to your closest contacts unless you pay a ransom. It sounds believable at first; after all, they seem to have access to your email account. But that’s the point—the scam artist is faking evidence.
What to do about it
There’s nothing you can do to prevent From: spoofing.
Spammers can put whatever they like in the From: line. If they want to put your email address there, they can.
The good news is, most automated spam filters realize the uselessness of the From: line, and probably won’t start blocking the email you send because some spammer happens to be using your address. Naturally, some people might not realize this, and they could try blocking you, but given that spammers spam everyone, the chances that it’s someone you know or care about is pretty slim.
The only thing you can do is to keep doing whatever it is you do to control spam. Typically, that’s marking spam as spam and moving on with your life.