I received an email from my wife, or at least it was spoofed to appear to come from her while actually, according to the headers, coming from a complicated email address appearing to come from a secondary school in Austria. Of course that is most likely a lie too. The content was obviously spam, and was in fact sent to Spam by SpamSieve. The headers were extremely complex, bouncing all over numerous Microsoft and Google domains.
But, the thing that bothers me is the spoofing of her name and that the email was sent to my most private email address that I only use for family and a few highly trusted other senders.
I suppose I should just write this off. After all, SpamSieve did its job. The email was so strangely composed there was no way I would have believed it. And, I didn’t click the obviously bogus links in the message. But the context is too close to home to brush off. I’m certain neither of us nor our accounts have been compromised – I’ve checked, scanned, etc. But how this freak got my address and connected it to her is something I cannot shake.
This happened to me a while back. Emails purportedly from me were sent to several contacts of mine. Not obvious ones, and one was not even in my address book.
I’m certain that my email was not compromised (2 factor, don’t upload my contacts to other sites), although trying to convince one angry contact that it wasn’t my doing was nearly impossible.
We were all members of a Rotary club, and I assume that another club member had their email account compromised, or had uploaded their entire address book to a website and that was compromised. In any case, it was logical that the scammers would simply pick some unlucky “from” address and send to people in the address book. They may have been even more sophisticated and looked for emails copying us all in. I was president of the club for a year, so a lot of emails would have come from me.
Given quite a few club members regularly had their Facebook accounts compromised by clicking on dodgy links, pinning down who the third party was would be difficult.
Your “private email address”, like mine, was compromised the first time we used it. Email addresses are less secure than email messages. If you are willing to go to the trouble of encrypting the body of an email, at least that can be made reasonably secure.
That’s my suggestion. You cannot keep unencrypted email secure any more than you can protect a business card you hand out to a potential customer.