Email phishing



Here's a puzzle that I hope the IT gurus can shed some light on.

I got a scam/phishing email as part of a small group of (four) recipients, all in the To: field. Let's call them Sue, Sheila and Vicky.

The From field is Jan <[email protected]> and the content was signed Jan.

Now here's the thing... I know and have emailed Jan (my sister). I don't know Ron, Sue or Sheila. It's possible I may have sent an email to Vicky several years ago.

Ron, Sue, Sheila and Vicky are all in Jan's circle but not in Ron's.

Therefore whose computer's contact list has been compromised to send out this email?

My sister swears blind that she is running the latest version of Avast.

Or is there not enough information to say who? I can PM or email the long header if necessary but, for obvious reasons, don't want to stick the addresses out in cyberspace.

I've no idea who's compromised but I will say having an antivirus solution is not the cast iron guarantee your sister believes. What if someone has hacked into her emails online? They've not touched her PC, not come near Avast, yet they have still got her contacts.

I'm not saying this is the case, I'm just saying it is a possibility.

Avast (or any other anti-virus program) will not prevent someone's email from being hacked online. A few years back my company email account was hacked somehow and about 20 phishing emails had been sent from that account (all offering large sums of money to anyone who would help get millions of dollars out of Nigeria). I discovered this by chance when I was clearing out old emails to make room in my mailbox and came across them in my Sent Folder. By good luck it had only happened a couple of days earlier so I was able to stop it happening again.

Best thing for all those involved in this instance is for them to change their email passwords immediately in order to prevent continued access by whoever did the original hacking.

Hope this helps.

Similar thing happened to me about 4 years ago. From all my contacts that let me know I'd been spammed, I drew the conclusion that in fact my address book had been "stolen" from my ISP - then known as BT Yahoo - and not the address book on my PC.
I came to this conclusion because the spam emails were sent in groups of four alphabetically but certain people were missing. They were the ones in my PC address book that were not in the Yahoo address book (which lived off in Yahoo land somewhere). Only 3 or 4 differences but enough to make me suspicious.
BT's advice was to change the password that I used on the odd occasion that I logged in to read mail via the web.

At the time, Yahoo were often blamed for these leaks.
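The address-book comparison described in the post above, written out as an added example that is not part of the original thread: it checks which candidate contact list could have produced the observed spam batches, assuming the sender worked through the list alphabetically. All names, both address books and the batches are constructed sample data.

```python
# Added example: which address book explains the spam batches people reported?
# Every name and list below is constructed sample data, not from the thread.

def explains(book, batches):
    """Return (ok, reasons): could `book` be the list the spam was sent from?"""
    ordered = sorted(book, key=str.lower)
    index = {name: i for i, name in enumerate(ordered)}
    reasons = []
    for batch in batches:
        if not batch:
            continue
        unknown = [r for r in batch if r not in index]
        if unknown:
            # A recipient the book never held rules the book out.
            reasons.append(f"recipients not in book: {unknown}")
            continue
        pos = sorted(index[r] for r in batch)
        # A batch cut from an alphabetical list occupies consecutive slots,
        # so any contact skipped inside the run is evidence against the book.
        skipped = [ordered[i] for i in range(pos[0], pos[-1] + 1)
                   if ordered[i] not in batch]
        if skipped:
            reasons.append(f"batch {batch} skips {skipped}")
    return (not reasons, reasons)

def likely_source(books, batches):
    """Names of the books that are consistent with every observed batch."""
    return [name for name, book in books.items() if explains(book, batches)[0]]

# Constructed data: the PC book holds two contacts the webmail book lacks.
WEBMAIL = ["Alice", "Bob", "Carol", "Dave", "Erin", "Frank", "Grace", "Heidi"]
BOOKS = {"pc": WEBMAIL + ["Colin", "Fiona"], "webmail": WEBMAIL}
BATCHES = [["Alice", "Bob", "Carol", "Dave"], ["Erin", "Frank", "Grace", "Heidi"]]

if __name__ == "__main__":
    for name, book in BOOKS.items():
        ok, reasons = explains(book, BATCHES)
        print(name, "consistent" if ok else "ruled out", reasons)
    print("likely source:", likely_source(BOOKS, BATCHES))
```

A book that passes is only consistent with the evidence; a small number of reported batches can leave more than one candidate standing.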