There's an odd email in your inbox. You know it's spam because of the weird message it contains, but the name in the sender's line seems so ordinary - just a regular person and not at all a sleazy spammer.
That's because in nearly every case it is a regular person, an unsuspecting soul whose email account has been hacked. Now all her family and friends, not to mention millions of total strangers, are receiving emails from her hawking all manner of products to enhance body parts, or suggesting a romantic hook-up.
How embarrassing for that person, you think. But what if that person were you?
Spammers hack users' email accounts so they can send out their messages anonymously. Sometimes they simply “spoof” an email address – disguising their message without actually breaking in and taking control of the account. Either way, however, it's bad news.
You may not realize your account has been hacked or spoofed until you start hearing from family and friends wanting to know why you're trying to sell them Viagra. At that point, you need to spring into action.
Get better malware protection
Amy Hebert, Consumer Education Specialist at the Federal Trade Commission (FTC), says the first thing to do is update your system and delete any malware. Even if your computer already has malware protection, it might need better protection.
Next, she says you should change your passwords, not just on your email account but on all your accounts. You may need to check with your email provider about the steps for restoring your account.
Finally, notify your friends and contacts about the hack and warn them not to click on any links in emails they may have gotten from you.
Of course, it's best to take action before one of your accounts is compromised, especially one dealing with money. The FTC advises that the best safeguard is making sure all accounts use unique passwords.
That way, if a hacker figures out one of your passwords, he or she doesn't suddenly have access to all your important accounts. The stronger the passwords, the harder they are to crack. But strong passwords are sometimes hard to remember.
That's why using a password manager such as LastPass might be a good alternative. It locks all your passwords in a vault and encrypts them when you type them into your browser. All you have to remember is a single master password to get into your vault.
Whenever you are asked to enter credentials like usernames and passwords, make sure you are dealing with a legitimate site. Never provide them in response to an email.
If the email or text seems to be from your bank, for example, visit the bank website directly rather than clicking on any links or calling any numbers in the message. Scammers are known to impersonate well-known businesses, and even government agencies, to trick people into giving out personal information.