What does it mean when contacts start getting bogus emails that look like they are from me?

This seems to be a common event but I am not sure what it means actually happened to me and what I need to do to prevent it. A small sub-group (so far) of my contacts who I regularly email as a group started getting emails that superficially looked like they were from me, trying to lure them to click on a link. Can someone explain in plain language what specifically this means happened, why it happened, and if I need to be worried? I run SOPHOS for virus/malware protection on both my Mac Air and my iMac.


MacBook Air 13″, OS X 10.10

Posted on Jan 10, 2022 12:53 PM

Question marked as Top-ranking reply

Posted on Jan 10, 2022 1:46 PM

Hi Jeffrey,


There are two possibilities as to what is happening:


  • Your email account got hacked, OR


  • Someone is impersonating you


As recommended by robnich, you should reset your email account password. Also, set up MFA (multi-factor authentication) to prevent your email account from getting hacked in the future.


Now, ask your contacts to check the email address in the From field on the scam messages. Does it have your real email address? Or does it have a fake address with your name attached to it?


Jan 10, 2022 5:04 PM in response to jeffreyfromalbany

  1. Yes - your email password is the password used to activate the email server account. You would change it with the server company that provides the email service.
  2. It is actually quite easy for anyone to create a random email address, but use your name as the account name. See the example below:


Suppose that you have an email account with these details:


  • Name: Howard Thatcher
  • Email: hthatcher1@server.com


Now, suppose that someone else (an imposter) also creates an email account with these details:


  • Name: Howard Thatcher
  • Email: myfakeaddress@differentserver.com


If the imposter sends an email using their new account, most mail clients will show the name of the sender account, instead of the email address. This can make it appear as if you sent an email that was actually sent from an imposter's account.


In this scenario, your email account is perfectly safe, but the imposter has impersonated you using their account. If your contacts check the email address in the From field though, they can easily see that the email was sent from an imposter's account, and not your account.


NOTE: There are ways to make it look like you sent an email, even though you didn't. This can be done by carefully modifying the hidden email header information. With these kinds of emails, any replies to the original email sent will actually be directed towards the scammer or imposter. Examining the headers, though, should reveal the true sender.


Overall TL;DR: Use good email account security (good password + MFA) and trust your gut. If something doesn't seem right, it probably isn't. Contact the supposed sender using a trusted alternate means of communication (e.g. iMessage or texting, phone call, etc) and double-check that they actually sent the email in question.
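The header check described in the reply above, as an added example that is not part of the original post: it compares the display name and address in From against a known address book, then looks at Reply-To and Return-Path. The sample messages, the address book, and the `collect@` and `bounce@` addresses are constructed for illustration, using the names from the reply.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed address book: display name -> the address that person really uses.
KNOWN_CONTACTS = {"howard thatcher": "hthatcher1@server.com"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of findings about who really sent raw_message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    # Familiar name, unfamiliar address: the imposter-account case.
    expected = contacts.get(name.strip().lower())
    if expected and addr != expected:
        findings.append("display-name-impersonation")
    # Replies would go somewhere other than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        findings.append("reply-to-mismatch")
    # Envelope sender on another domain: a hint, not proof, because
    # legitimate mailing services also rewrite Return-Path.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and domain(return_path) != domain(addr):
        findings.append("return-path-domain-mismatch")
    return findings

# Constructed sample messages (not real mail).
GENUINE = ("Return-Path: <hthatcher1@server.com>\n"
           "From: Howard Thatcher <hthatcher1@server.com>\n"
           "Subject: Lunch\n\nSee you at noon.\n")
IMPOSTER = ("Return-Path: <myfakeaddress@differentserver.com>\n"
            "From: Howard Thatcher <myfakeaddress@differentserver.com>\n"
            "Subject: Check this out\n\nClick the link.\n")
FORGED = ("Return-Path: <bounce@differentserver.com>\n"
          "From: Howard Thatcher <hthatcher1@server.com>\n"
          "Reply-To: collect@differentserver.com\n"
          "Subject: Urgent\n\nPlease reply today.\n")

if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("imposter", IMPOSTER),
                       ("forged", FORGED)):
        print(label, check_sender(raw))
```

Most mail clients can show the same raw headers (in Apple Mail, View > Message > All Headers), so the comparison can also be done by eye.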

Jan 10, 2022 5:27 PM in response to jeffreyfromalbany

By whatever way the crook obtained your email address, changing your password is great, but a little like closing a barn door after the animals already escaped. And, there is no way to prevent it because bots are roaming the internet looking for real email addresses which are then sold to spammers. The only thing would be to change your email address - that works until someone steals that one. Spamming and phishing are big business - unfortunately.


One helpful method is to use a web-based email address for entering everywhere they want your address. Do not use it for friends, just places that insist on having your address. Tell your friends not to use your address for mass mailings. And do not sign up for any newsletters or similar. Guard your address like Fort Knox.

Jan 10, 2022 2:38 PM in response to Encryptor5000

Ok, Thank you all.

  1. When you say change "email password" I am not sure what you mean. Do you mean the PW used to activate the email server account in Apple Mail? If yes, do I change that with the server company that provides the email service or locally somewhere on my computer?
  2. If my contacts tell me that the "From" source is actually someone other than me, what does that tell us about how this happened?

Thanks again Robnich and Encryptor!
