When you are receiving emails from your own account, there are 2 possibilities at play:
- Your email account has been hacked and used to send spam
- Your email address has been spoofed
To find out which is the likely event, log in to your hosting control panel (or your email account’s webmail) and check to see if any emails are in your SENT folder like the one you have received. If you DO find email in your Sent folder that you did NOT send: Your account has been compromised (hacked). Change your email password immediately to one that is strong. That should stop future access.
If you do not see any suspicious emails in the sent folder, then most likely your email address has been spoofed! Here’s how to deal with that…
What is Email Spoofing?
Spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it.
These emails do not originate from your email account and may not have any contact with the email or hosting system – the addresses are just edited to make them appear that way.
The message actually originates from the spammer’s email account and is sent from the spammer’s email server.
How to tell if you have been spoofed?
- You see mailer-daemon error messages (returned emails) in your inbox that do NOT match any messages you sent out (as if someone sent a letter to another person and wrote your return address on the envelope instead of their own.)
- You get messages from people who received email from you that you did NOT send
What should I do?
Unfortunately there isn’t a way to stop whoever is spoofing your account right now, changing your password can help secure your account from being compromised in the future. In addition to creating a strong password, the best way to secure your account is to know how to spot phishing and email scams as soon as they hit your Inbox. If in doubt – don’t click!