When a friend or coworker reports that they've received a spam email from your account, there are two likely possibilities: your email account was either spoofed or hacked.
Spoofing is when someone makes an email appear as though it was sent from somewhere it wasn’t, such as your email address. Spoofing may be used to trick someone into downloading a virus or revealing confidential information. A spoofer doesn’t need access to your email account in order to spoof it. So, unlike being hacked, if your email has been spoofed your account is still safe.
Being hacked is more worrisome than being spoofed; if you’ve been hacked it means that someone has gained full access to your account. A hacker may get into your email through viruses or malware unintentionally downloaded on your computer, by guessing your password, or through a company data breach. After gaining access to your email account, a hacker could send emails out to all your contacts and potentially use your email to access your other online accounts.
Steps to Keep Your Account Safe
- Always use strong passwords; use a different password for each online account you have.
- Keep your software and system updated, and always keep your antivirus programs up to date.
- Never open or download attachments in emails sent from someone you don't know.
- Monitor your “Sent Mail” folder to make sure that the emails going out from your account were actually sent by you.
- Use tools that your email service provides. For example, in Gmail you can check your recent account activity.
- Sites like https://haveibeenpwned.com allow you to find out whether your email was compromised in a company data breach.
- If you suspect your account has been hacked, change your email password as soon as possible. If you used that same password for another account, change it there as well.
- And, finally, avoid posting your email address online.
Read this article for more information on hacking and spoofing