Spam from Xavier – how to avoid your email address getting stolen

Hi Xavier,
I was happy to receive your e-mail. I was a bit surprised though that you urged me to go to a website selling Gucci, Prada and Louis Vuitton. You should know I’m more into labels of smaller designers. (Check out my new mittens from Lumi below. So beautiful, well made and functional in this winter weather! Mine are just black in color.)

But in the end it wasn’t you who sent the e-mail; someone had stolen your e-mail contact list and sent spam in your name. This is so annoying! What can we now do about it? How did your contact list even end up in the wrong hands? I went to ask Sean, our Security Advisor here at F-Secure (check out his Twitter feed), and he said:

“There isn’t much you can do, this is the nature of the Internet. Even if you are doing everything right, one of your friends or their friends might leak your e-mail address due to their bad e-mail habits. As the Internet is a big cobweb, you cannot really point out where the leak happened. But there are a few very basic things we should all remember when sending e-mails.”

  • Make sure the password for your email account is safe. (I just read somewhere that 123456 is still a very popular password – hope it isn’t yours!)
  • Do not forward jokes or newsletters. If you have to send an e-mail to a number of people, do not put their e-mail addresses in the CC field. (The BCC field is there for a reason: it keeps addresses hidden.)
  • Do not sign up to less reputable sites or newsletters and distribute your e-mail address that way. (A lot of “fun” stuff might end up causing grief.)

And Xavier, even though all this might sound really scary, you shouldn’t be too bothered. Yes, it’s annoying that your name is being used to sell Gucci, but the blunt truth is that there isn’t really anything that we could do about it afterwards. These things happen. What can you do about it? Follow the three tips above and soon you’ll be back on the right path.

Xavier, I hope to see you soon!


“Make sure the password for your email account is safe.” Whatever the password, one should keep it safe (secret). Having a password that is strong/complex/difficult to guess is perhaps the aspect people need to focus on.
“The BCC field is there for a reason” It is often not there by default! I wonder if the less technical user has even seen it or even knows what the BCC field is.

Thanks Steve,

Thanks for pointing out the issue about the BCC field. It’s true, in some mailing programs the BCC field is not there by default. If you are using, for example, Microsoft Office Outlook 2003, see the Microsoft Office help pages for how to make that field visible.

Perhaps a small explanation of “BCC” is also called for. The BCC field in your email program means “Blind Carbon Copy”. If you wish to send the same email to many people but you do not wish the recipients to see the names of the people you sent the email to, use the BCC field. Using the BCC field instead of the CC field also prevents your friends’ email addresses from getting stolen.

PS. Annika actually came up with quite a good system for creating a strong password, I’ll ask her to post it on the blog.
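
What the CC-versus-BCC advice changes in the copy of a message that every recipient stores, shown as an added example that is not part of the original post or comments. The addresses, function names and sample text are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample data (example.com is reserved for documentation).
SENDER = "xavier@example.com"
FRIENDS = ["anna@example.com", "ben@example.com", "carla@example.com"]


def build_mail(sender, recipients, subject, body, use_bcc):
    """Return (raw message as each recipient receives it, envelope recipients).

    The envelope list is what a mail client hands to the server for delivery
    (SMTP "RCPT TO"). It is not part of the message, so it is never stored
    in anyone's mailbox.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender  # a common way to fill "To" when everyone else is hidden
    msg["Subject"] = subject
    if not use_bcc:
        # CC: every address is written into a header that every recipient,
        # and anything that later reads their mailbox, can see.
        msg["Cc"] = ", ".join(recipients)
    # BCC: no recipient header is written; the addresses exist only in the
    # envelope list returned below.
    msg.set_content(body)
    return msg.as_string(), list(recipients)


def visible_addresses(raw_message):
    """Addresses readable from the recipient headers of a stored message."""
    msg = message_from_string(raw_message, policy=policy.default)
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers.extend(str(value) for value in msg.get_all(name, []))
    return sorted({addr.lower() for _, addr in getaddresses(headers) if addr})


if __name__ == "__main__":
    for use_bcc in (False, True):
        raw, envelope = build_mail(SENDER, FRIENDS, "Winter party",
                                   "See you there!", use_bcc)
        print("BCC" if use_bcc else "CC ", "delivered to", len(envelope),
              "people; visible in each copy:", visible_addresses(raw))
```

Both variants are delivered to the same three people; only the CC variant leaves all of their addresses in every stored copy, where malware or a compromised account on any one recipient's side can harvest them.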

Checking any Privacy Policy a site might have can sometimes be useful in deciding whether to sign up or not.
