If your friends, or even strangers, are randomly receiving links or weird email messages from you, your account is probably compromised. To check if someone is actually logging in remotely to your email, most email providers have a way to show if someone else logged in to your account. To check this, follow these steps:
Msn.com/hotmail.com/live.com - Go to 'Account Settings' (under your name at the top right), and then click 'Recent Activity' on the left.
Gmail - It's a bit simpler in gmail, as you just go to the bottom right and click the 'details' link.
Once you're logged in there, you'll see something like this:
So, this shows information that can help you determine if someone else is logging in to your account.
If you are sending spam to your friends and DON'T see someone else logging in, then someone may be sending it from your actual computer (see option 4 below).
If you change your password, and you keep getting re-compromised, then your problem might be 'Option 2' below (or Option 3, and you keep replacing your password with another weak one).
- Password was stolen via phishing - This is the most likely answer. In this scenario bad guys try to get you to give them your login details (username and password). I'm sure you think "But I'd never do that!", but you'd be surprised. The most common way this happens is that you get an email telling you that your account has been compromised, or offering a new service. The email contains a link that LOOKS like it goes to your email provider. In reality, you can make any link look like it's going someplace, but then send the user somewhere else. So, in this case they send you to a page that looks just like your email login page, but isn't. Once you arrive there, you naturally enter your login credentials and BAM, you're toast. They've got your login details now. Sometimes they even prompt you for answers to your security questions too, so that if you change your password, they can get right back in via the security questions (mother's maiden name, etc.).
- To fix this, you'd need to reset your password and, to be safe, your security questions. I recommend a passphrase instead of a password. Most websites will foolishly tell you to use a password that looks like this: h9Ytz7Pp. Well, not only is that hard to remember, but it's actually EASIER for a modern password breaking tool to guess. The strongest passwords are actually passphrases... something like this: ireallyliketoeatcheeseandcrackers is nearly unbreakable AND it's easy to remember. Also, when you create answers to security questions, you don't have to answer truthfully. Often times the answers to security questions (Social security number, mother's maiden name, etc.) are readily available to bad guys in the underground. So, if the security question asks who your first teacher is, answer with something nonsensical (i.e. 'Tractor'). As long as you're consistent and remember (or write down) these answers, they work just fine and are safer. Following this, I highly recommend you set-up two-step verification. For details on this, see http://windows.microsoft.com/en-us/windows/two-step-verification-faq (for msn/hotmail/live) or https://support.google.com/accounts/answer/180744 for gmail.
- Password was stolen via credential theft malware - In this scenario malware (Often incorrectly referred to as a 'virus' by laymen) gets on your computer and steals your keystrokes and/or files containing login credentials. By stealing keystrokes the malware can watch for literally anything you type... it can watch for you to visit a specific website (i.e. hotmail.com, gmail.com, etc.) then logging your password and username.
- To fix this, you'd need to reset your password and, to be safe, your security questions. I recommend a passphrase instead of a password. Most websites will foolishly tell you to use a password that looks like this: h9Ytz7Pp. Well, not only is that hard to remember, but it's actually EASIER for a modern password breaking tool to guess. The strongest passwords are actually passphrases... something like this: ireallyliketoeatcheeseandcrackers is nearly unbreakable AND it's easy to remember. Also, when you create answers to security questions, you don't have to answer truthfully. Often times the answers to security questions (Social security number, mother's maiden name, etc.) are readily available to bad guys in the underground. So, if the security question asks who your first teacher is, answer with something nonsensical (i.e. 'Tractor'). As long as you're consistent and remember (or write down) these answers, they work just fine and are safer.
- Next, and this is important, don't log in to your email account again until the malware is removed from your computer or else they'll just steal the information all over again and you'll be back at square one. A pro will need to remove the malware and/or reinstall the operating system on your computer (i.e. start over).
- Following this, I highly recommend you set-up two-step verification. For details on this, see http://windows.microsoft.com/en-us/windows/two-step-verification-faq (for msn/hotmail/live) or https://support.google.com/accounts/answer/180744 for gmail.
- Weak password guessed - In this scenario bad guys find your email address (there are a variety of ways this happens, and most of them aren't your fault) and use a password guessing tool to try to gain access to your account. If you have a weak password (i.e. 'admin', '123456', 'password', etc) then this method works quite well. Once they guess it, they can then log in and use it to spam your friends and others. To resolve this, follow the steps in Option 1 above.
- Malware is manipulating your computer - In this scenario malware (Often incorrectly referred to as a 'virus' by laymen) gets on your computer and is able to control it. So, when you're not paying attention they can use your email from your computer. Alternately, bad guys can tunnel through your computer so that activities they perform from their computer (including using your email, see option 2 above), appear to be coming from your computer. Fixing this is the same as seen in option 2 above.
- One of the above later spoofing your email - If your email was compromised at some point, the attackers could steal your contact list, and then send spam to your contacts while posing as you (spoofing their email to look like yours). This is hard to detect and hard to stop.