How did spammers get my contacts?

pioneerx01

pioneerx01

Posts: 279   +2
I got a call from my uncle today that the link in the email I have sent him did not work. I did not send him any email, so I have asked him to forward it to me. The email had my name, but came from other email address ***@lilac.ocn.ne.jp. That's not troubling much, however based on header info the same email has been also sent to few other people in my address book. I use multiple Gmail accounts where I keep the one with my contacts fairly isolated. I do not use it to sign up for anything, no sites, no forums, no newsletters, no look up my contacts to connect with people,... I have other dummy accounts for that, with no personal contacts. All my devices are personal and I do not log in anywhere else or use public WiFi.

So how did someone get my contacts from my personal email account?
 
Mobile Apps frequently ask for access to your Contacts --who knows what they do once permission is granted.

At least the Apps ask, whereas our PC programs are stealthy and we have no knowledge of access at all.

I run with as few addons and extensions as possible in my browsers as these come from 3rd parties and there integrity is unknown.
 
Btw: Using CC: in email exposes you to all recipients as well as to each other. If any one of them forward that email, the problem explodes to other unknown (to you) persons.

Instead, use the Bcc: feature and everyone will swear that you sent it directly and ONLY to them as the list is not retained in the email headers.
 
Thanks for the info. Isn't mobile security based on isolating each app from the core OS where each app will need to get permission to access other parts of the phone like camera, contacts, pictures,...?

I didn't send the spam email to the users, I was not the one who CCd them in the headers.
 
Yes and understood. Grabbing ID and then using it would no occur at the same time.
Fetch contacts and users email, saving for latter use. Then spam contacts say a week later with your id.

The CC comment is how we can easily expose our contacts unknowingly.
  1. Send to a cc list
  2. User 'a' forwards to 'z'
  3. 'Z' reaps the list
  4. Later starts spamming
You can verify which apps have access to contacts.

Meanwhile, change your email login password
 
I understand that. I don't mass CC emails like that, I not send mass emails at all or most anyways. Plus the users that were CCs together on the spam email are not the ones that would ever be CCd together as some I did not emailed for years, and several do not speak English, so they would not be copied on the same email string with other English speakers, if I was the one sending it. Which means they were not stripped form compromised email recipient. My contacts had to be access in other way. I am leaning towards one of the apps on my phone perhaps. I just don't know which one. I don't really download "off-brand" and unknown apps.
 
Isn't it possible that either your uncle's or your computer has been infected with malware? As to my knowledge, it is possible that malware gains access to contacts. Of course, phishing and social engineering can also be used to do that. However, did you try to run Windows Defender and Malwarebytes or any security tool to see if your system is all clean? I would also suggest that for your uncle.
 
You must log in or register to reply here.

Similar threads

learninmypc
Please verify your email address
Replies
5
Views
3K
Mark Fuller
M
E
Apple ignored warnings that AirDrop had a vulnerability that China learned to exploit
2
Replies
29
Views
550
hahahanoobs
hahahanoobs
midian182
Predatory loan apps continue to exploit users despite Google's ban
Replies
8
Views
273
sdms96825
S

Latest posts

Back