Have you ever gotten an e-mail from yourself that you didn’t send?
Here’s an example from my inbox.
Yep, there are 4 messages to myself from myself that I never sent. The modern day version of talking to yourself – except they aren’t legit.
They are supposedly from my e-mail address – but I didn’t send them.
That is something called “spoofing” on the internet. It happens when someone, a “bad guy” for lack of a more descriptive term, wants to send spam or junk mail, or worse, and hijacks your internet e-mail address to do so.
No, they have not broken into your e-mail account, they are just appending your address as the “sent” address so that it gets through filters and such. However, if this happens to you, the FIRST thing you should do is to check your “sent” folder to be sure you don’t have a virus or some kind of malware sending things from your computer.
The bad news is that there is nothing at all I can do about this – except wait until the wave is over and hope there isn’t another one anytime soon.
Why did they pick me? Because they can – they search for valid addresses and the more widely received, the better, because it makes their target audience larger.
A few Internet Service Providers use “source assured addressing” schemes where they connect the sending ID with the address it’s supposed to come from and “flag” suspicious e-mails. You can see that AT&T did just that and put it the messages into my spam folder, labeled “bulk.” It’s up to me to delete them. Some spam never makes it this far and the vendors just throw the messages away.
Now the bad news on my end is that my address may become associated with spammers and get blacklisted. There’s nothing I can do about that.
On your end, consider this a heads up – for my e-mail address and others. If you receive something you don’t expect from someone, or just a link to click – DONT CLICK. Don’t EVER click.
If you receive something from someone you know with a vanilla sounding message like: “You have to see this,” followed by a link – your internal neon danger sign should be flashing like crazy. And for goodness sake, DON’T CLICK.
Another tactic is to attach a document of some sort that you are instructed to open. Don’t do that either. If you’re not expecting a refund or a package or whatever…the message is fake. And by the way the IRS does not contact you via e-mail and neither does the court requesting jury duty, etc.
Conversely, if you’re sending a link to someone, send at least enough of a message that the recipient knows it really is from you. For example, “I found this link about the first Algonquian Bible which was the first Bible printed in the US.” Then add your link. My friends will know that is something I would be sending – not a message that’s so generic they have no way of knowing if the e-mail is legitimately from me.
I received an e-mail last week from Justin, someone connected to genealogy with whom I communicate regularly. The e-mail said Justin had sent me a message through XYZ and to “click here” for the message, shown below. I found that odd since Justin regularly e-mails me and has never used any kind of message service.
I was suspicious, so I didn’t click. I didn’t want to miss something from Justin, so I forwarded the e-mail to Justin and asked if he sent it. He said that he had clicked on that same link in an e-mail he received and it then sent itself to his entire e-mail list. You can rest assured that’s not all it did and now he has some malware someplace on his computer as well doing who-knows-what. The bad guys don’t do these things just for fun.
I quickly deleted that e-mail and was very grateful for my second sense that told me something was amiss.
While most genealogists do talk to themselves, it’s not quite like this. Stay vigilant and if there is any doubt, don’t click. Better wary than sorry. Otherwise, you won’t be talking to yourself, you’ll be swearing at yourself!