Is My Email Account Hacked? I Didn't Send That Message!

This document explains why you may receive emails bounced back to your email address, but you did not send the email in the first place.

Sometimes you may receive an email bounce-back with the message "Mail delivery failed: returning to sender" or "User doesn't exist: returning to sender" for messages you never sent. Unfortunately, this is becoming more common.

The obvious concern is that your email account is compromised. However, this is often not the case. What happens is that spammers use your email address as the From in spam or phish messages sent to others. That way, their true identities are hidden, and they do not receive bounce-backs of potentially tens of thousands of emails.

In this case, spammers did not access your email account to send the spam. They simply forged the sending address. It's as if someone wrote your name and address as the return address on an envelope and dropped it in the postal mailbox. If it can't be delivered, the envelope would be returned to you by the post office. It is very unlikely you were personally targeted.

How did they get my email address?

Spammers and phishers gather email addresses in many ways. Most email addresses they find, including your university email address, are publicly available on the Internet. Such emails are usually gathered automatically through scripts and compiled for later use.

Is there anything I can do?

Unfortunately, if it is a case of simply forging the sending address, there is nothing you can do. If the volume of these bounce-backs is high, you may wish to create a filter in your email client to automatically file these.

Also, for peace of mind, check the Sent folder of your email to see if such messages were truly originating from your account, but be aware that a spammer who did use your account could send messages and then delete them from your sent folder.

Finally, we suggest you change your CNetID password. If an attacker does know your credentials, he or she should not be able to get back into your account if you change it.

You can email IT Security or call (773) 702-2378 if you have additional questions or concerns.

Keywords:bounce, forged, envelope, compromise, bounce-back, spam   Doc ID:28859
Owner:Rosa M.Group:University of Chicago
Created:2013-03-01 12:38 CDTUpdated:2017-06-19 06:36 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  35   6