I received an interesting email the other day. It was an advertisement for a website (i.e. spam) that supposedly offered Swiss watches for sale. Now I get a lot of this type of spam every day, but there was one thing that set this one apart - it was from me!
I displayed the full headers and discovered that the 'reply to' field was actually another Yahoo account. I reported the spam to Yahoo, which promptly checked my account and discovered that a spammer was 'hijacking' my email address and copying it into the 'From' header of the email. Luckily Yahoo Customer Service assured me my account had not been accessed.
Yet even though my account was still secure, I was in a sense a victim of identity theft. While no personal or financial information has been accessed, the fact remains that someone out there is sending spam that appears to originate from me. Even though the incident has been reported, I am still getting occasional emails from [email protected] advertising Top Quality Replica Watches.
And if I'm still receiving this spam, odds are other people are getting it also - and this is my concern. Who else out there is receiving an email supposedly from me that directs them to a website that may contain malware, adware or spyware? How many of my friends, relatives, business acquaintances or previous contacts are being tricked by this?
Does the CIO I communicated with a year ago now have spyware on his computer because of an email he thought was from me? Have some of my previous employees had potentially destructive code downloaded onto their PCs because they accessed a website they thought was mine? Are any of my business contacts about to have their credit card information stolen because they think they're buying a watch that I am supposedly recommending?
My email address is basically public information. It's printed on my personal correspondence, displayed on my business cards, easily obtained from any email I ever sent, and accessible via a variety of internet directory services.
And so is yours! Anybody who has ever sent an email is conceivably at risk. Anyone reading this column could get an email from themselves advertising replica watches.
This email hijack is more of a nuisance than a threat when compared to the financial and personal risks associated with other types of identity theft, but it highlights how easy it is for someone to obtain - and abuse - your information.
This has been a wake-up call to me. While I was always fairly careful with my personal information, I now take online security very seriously. I use the highest password strength I can and change my passwords regularly. I audit my online accounts, remove any unused credit card information, and delete accounts I haven't used recently. I insure my virus check subscriptions are updated regularly and scan all my PCs at least weekly for adware, spyware or malware.
The advent of e-commerce has brought an evolution in marketing with both personal and business benefits - and risks. But with a little diligence, the risks can be managed.
So keep on shopping online, but be careful. And don't buy any watch offered in an email from [email protected] I don't recommend them!