Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Security

Is My Email Account Hacked? I Didn't Send That Message!

This document explains why you may receive emails bounced back to your email address, but you did not send the email in the first place.

Sometimes you may receive an email bounce-back because "Mail delivery failed: returning to sender" or "User doesn't exist: returning to sender" for messages that you never sent. Unfortunately, this is becoming more common.

The obvious concern is that your email is compromised. However, this is often not the case. What occurs is that a spammer uses your email address as the From in spam or phish messages sent to others. That way, his true identity is hidden, and he also does not receive the bounce-backs of potentially tens or even thousands of emails.

In this case, an attacker did not access your email to send the spam. He simply forged the sending address. It's as if someone wrote your name and address as the return address on an envelope and dropped it in the postal mailbox. If it can't be delivered, the envelope would be returned to you by the post office. It is very unlikely you were personally targeted.

How did they get my email address?

Spammers/phishers gather email addresses in various ways. Most email addresses they find, including your University email address, are publicly available on the Internet. Such emails are usually gathered automatically through scripts and compiled for later use.

Is there anything I can do?

Unfortunately, if it is a case of simply forging the sending address, there is nothing you can do. If the volume of these bounce-backs is high, you may wish to create a filter in your email client to automatically file these.

Also, for peace of mind, check the Sent folder of your email to see if such messages were truly originating from your account. (But be aware that a spammer may send and then delete the forged email.)

Finally, we suggest you change your CNetID password. If an attacker does know your credentials, he/she should not be able to get back into your account if you change it.

You can email IT Security or call 773-702-2378 if you have additional questions or concerns.

Keywords:bounce forged envelope hacked compromise bounce-back spam   Doc ID:28859
Owner:Synita C.Group:University of Chicago
Created:2013-03-01 11:38 CSTUpdated:2016-08-20 13:20 CST
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  28   5