Portal Home > Knowledgebase > cPanel > Is my email address compromised or being spoofed?
Is my email address compromised or being spoofed?
Sometimes you may receive emails that appear to be from your email address, or email delivery notifications from others stating emails you sent couldn't be delivered (e.g. mailbox full, user doesn't exist, etc), even though you never sent any messages to the recipient email addresses being listed (e.g. "Sorry we couldn't deliver your email to Bob@example.com, because that user doesn't exist, when you never emailed Bob@example.com).
What do we mean by spoofed?
Email spoofing basically means someone is pretending to send email from your email address. Faking the return email address of their outgoing emails to make it appear as if the email was sent from you. This is very easy and common for spammers to do. Usually it is in an attempt to get you or others to mistakenly click a link or open an attachment. Think of it similar to regular mail where you write down a return/from address on the envelope. If there are any problems with the mail delivery the post office will return the mail to you, even if you never sent the mail (i.e. someone spoofed your physical mailing address). If someone is spoofing your email address they do NOT have access to your emails or contacts,, they are simply pretending the email was sent from you.
If your email address is only being spoofed and you have no reason to believe your email account was compromised you don't necessarily have to do anything. Since no matter how secure your account maybe, it's inherently easy to spoof email addresses (as mentioned with the physical mail example mentioned above). Though some email validation systems exist to deter email spoofing such as SPF records, see https://en.wikipedia.org/wiki/Sender_Policy_Framework If you're looking to have SPF enabled please contact email@example.com and we can advise further. Please know even with SPF enabled for your email domain it doesn't mean spoofing will be fully stopped, however it is a deterrent and shown to be somewhat effective in doing so. Additional details can also been obtained from the Sender Policy Framework website http://www.openspf.org/
Either way, it's recommend you continue reading to know what to look for in regards to whether or not your account was spoofed or compromised. Also it may not be a bad idea (better safe than sorry) to perform some of the steps mentioned below such as a virus scan and password reset.
What do we mean by compromised?
This means someone has gained direct and unauthorized access to your email account. This can happen in a variety of ways, most common of which is malicious software (viruses, malware, etc) being installed on a device (computer, phone, tablet, etc) that has access to send and receive emails from your email address. For example if you have your email account setup in a program such as Outlook on your office computer and said computer gets a virus. The virus could have gained access to your email account through Outlook on the infected computer and started sending out spam to your contacts and random email addresses.
Another common way your email address could be compromised is if you use the same password on multiple websites (we recommend having a unique and complex password for your email account). This means if one of those websites that share the same password as your email account are compromised, your email address is most likely already in their user login information for you, so whoever gained access to the compromised website login data could easily attempt to login to your email account using the email address and password they received from the compromised website.
If a lot of your email contacts (friends, family, coworkers, clients) are receiving suspicious emails from you, this most likely means your email account is compromised. It's possible a spammer is only spoofing your email address, but highly unlikely they would be sending emails to your contacts since spoofing doesn't grant them access to your account they would have to guess your contacts or retrieve them from another source (possibly a company website listing all your coworkers email addresses).
If you are seeing emails in your sent folder that you never sent this almost certainly means your account is compromised as a spammer spoofing your address doesn't have access to your sent folder.
What should you do if your account is compromised?
First, reset your email account password. This can be done by logging into your email account at our webmail site at https://mail.tomahawk.ca
Second, whether or not you believe your email address was spoofed or compromised, we highly recommend you fully scan any devices with access to your email account for viruses and/or malicious software. This is more important if your account was compromised, but still good to do either way.
If you have any questions or concerns please feel free to email us at firstname.lastname@example.org
Add to Favourites Print this Article