1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

How did spammers get my contacts?

By pioneerx01 ยท 6 replies
Dec 8, 2017
Post New Reply
  1. I got a call from my uncle today that the link in the email I have sent him did not work. I did not send him any email, so I have asked him to forward it to me. The email had my name, but came from other email address ***@lilac.ocn.ne.jp. That's not troubling much, however based on header info the same email has been also sent to few other people in my address book. I use multiple Gmail accounts where I keep the one with my contacts fairly isolated. I do not use it to sign up for anything, no sites, no forums, no newsletters, no look up my contacts to connect with people,... I have other dummy accounts for that, with no personal contacts. All my devices are personal and I do not log in anywhere else or use public WiFi.

    So how did someone get my contacts from my personal email account?
  2. jobeard

    jobeard TS Ambassador Posts: 13,119   +1,594

    Mobile Apps frequently ask for access to your Contacts --who knows what they do once permission is granted.

    At least the Apps ask, whereas our PC programs are stealthy and we have no knowledge of access at all.

    I run with as few addons and extensions as possible in my browsers as these come from 3rd parties and there integrity is unknown.
  3. jobeard

    jobeard TS Ambassador Posts: 13,119   +1,594

    Btw: Using CC: in email exposes you to all recipients as well as to each other. If any one of them forward that email, the problem explodes to other unknown (to you) persons.

    Instead, use the Bcc: feature and everyone will swear that you sent it directly and ONLY to them as the list is not retained in the email headers.
  4. pioneerx01

    pioneerx01 TS Guru Topic Starter Posts: 277

    Thanks for the info. Isn't mobile security based on isolating each app from the core OS where each app will need to get permission to access other parts of the phone like camera, contacts, pictures,...?

    I didn't send the spam email to the users, I was not the one who CCd them in the headers.
  5. jobeard

    jobeard TS Ambassador Posts: 13,119   +1,594

    Yes and understood. Grabbing ID and then using it would no occur at the same time.
    Fetch contacts and users email, saving for latter use. Then spam contacts say a week later with your id.

    The CC comment is how we can easily expose our contacts unknowingly.
    1. Send to a cc list
    2. User 'a' forwards to 'z'
    3. 'Z' reaps the list
    4. Later starts spamming
    You can verify which apps have access to contacts.

    Meanwhile, change your email login password
  6. pioneerx01

    pioneerx01 TS Guru Topic Starter Posts: 277

    I understand that. I don't mass CC emails like that, I not send mass emails at all or most anyways. Plus the users that were CCs together on the spam email are not the ones that would ever be CCd together as some I did not emailed for years, and several do not speak English, so they would not be copied on the same email string with other English speakers, if I was the one sending it. Which means they were not stripped form compromised email recipient. My contacts had to be access in other way. I am leaning towards one of the apps on my phone perhaps. I just don't know which one. I don't really download "off-brand" and unknown apps.
  7. Addicted2PC

    Addicted2PC TS Rookie

    Isn't it possible that either your uncle's or your computer has been infected with malware? As to my knowledge, it is possible that malware gains access to contacts. Of course, phishing and social engineering can also be used to do that. However, did you try to run Windows Defender and Malwarebytes or any security tool to see if your system is all clean? I would also suggest that for your uncle.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...