This has happened to me a couple of times, and I always get panicked calls from clients when it happens to them. All of a sudden your email inbox is flooded with undeliverable return email messages, sent to people you have never heard of. Hundreds of them, spanning sometimes as much as a week’s time. See below.
Has your email account been hacked? Do you have to change your password? In a word, NO. You are merely the victim of “spoofing,” which is when a spammer decides to impersonate you as the email sender. They have merely borrowed your email address ONLY, not your account.
Spammers use botnets to send millions of messages a day (not exaggerating here), and purchase lists of email addresses from list builders on the dark web. Some of these email addresses are old, and the account is closed. So when the spam goes out to one of these dead email accounts, the mail server that is responsible for that email domain will send an undeliverable message to the sender.
What is interesting in my own case, is that they are spoofing someone else’s name and coupling it with one of my email addresses. I got a cute reply from someone’s “Aunt Mabel” who told me that the link on the email made her anti-malware software pop up a scary red warning screen, so she was not able to see the dancing kitties or whatever.
In any event, the only thing I can do is wait out the storm. It seems that the spammers are using several different email accounts on my business email domain. There is nothing that can be done here, other than to delete the return messages piling up in my inbox, and write this illuminating article about it. Eventually the spammers will spoof someone else, and it will be over, at least for me.
JAN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com