

SPAM and Hijacked Outlook Contacts

Posted on 2010-11-28
Medium Priority
Last Modified: 2012-05-10
I recently began getting notices from some of my Outlook contacts that they have been contacted by "ME" via email with a link (one example of the link is:  This has happened several times, each time with a different "selection" from my Contacts list, and always with a link that ends in "php".  I have not followed the link fearing it is malware, and have notified everyone in my list to avoid opening attachments or following links UNLESS they come with a specific, non-generic cover note.  However, now that this is continuing, I am wondering if there is a way to stop it without cancelling my long-term email account.  I have run several scans of my system, and there doesn't appear to be anything ON my system.  Advice?



Question by:philsimmons
LVL 30

Assisted Solution

by:Britt Thompson
Britt Thompson earned 400 total points
ID: 34226930
You may have a rootkit or someone may be spoofing your email address or may have hacked into your email account. First, change your email password. Second, run scans with ComboFix, Malwarebytes and Hitman Pro. Hitman Pro gets rid of rootkits that nothing else can touch.

Accepted Solution

ken2421 earned 800 total points
ID: 34227094
LVL 11

Assisted Solution

ocanada_techguy earned 800 total points
ID: 34230878
Change your passwords.
Do you use this email account for Facebook?  As a rule use different passwords for Facebook and the email account associated with Facebook.  Why?  Because rogue apps on FB will sometimes fool one into giving their credentials and then the first thing the rogue developers do is try that same password and email address to see if they can get in the email.
A similar but different phish that's a classic is websites that entice people to provide their email and password to find out who has them blocked on messenger or some other seemingly very useful and appealing but totally BS offer.

This is "social engineering".  Another bit of social engineering is they feel as though people are more likely to follow links and open their junk if it appears to come from somebody you know as opposed to a complete stranger.  Therefore what they often do, is once they get on someone's machine or get into someone's email, they look at all the email messages of the past, and then use the email addresses found in the messages as to who to pretend to be from and who to send to.

Example: among all the email messages there is an email that was forwarded to B, C, D, E, and F, from you A, and a bit further in the body of the message it shows it was sent to you A, along with P, Q, R, S, T from original sender Z.  Well, then the spammers send a spam A to B, D to A, S to Z, etc and so on, figuring these people "know" each other.

So you see, it might be something bad on your computer, or it might not be "on" your computer at all, it might be a website that you disclosed your credential to, or it might be a friend or acquaintance's email that was actually compromised and now it pretends to be all that person's friends.

By the way, this doesn't have to be people doing this, they write rogue programs to do it.  "bots"  That is what 90% of hijack virus spyware is used for, to try to capture your passwords, or get into your content, or glean your online banking information, or to hijack your computer and use it as a phony email server to send or be a relay point to send spam via.

Another big one is to get into the address book or online contacts.  Using Outlook are you accessing this email account as a hotmail, yahoo, or gmail account that simultaneously offers webhosted email?  Something else to check if it is a hotmail (aka Windows Live) is some of the latest hijack bots are also going into your account and deleting contacts and emails.  In hotmail on the menu Contacts> Manage contacts you can now undelete any contacts deleted in the last 30 days.  If they had deleted all of your emails, or most of them, you'd have to contact a Windows Live technician via the Windows Live forum fairly quickly, preferably within 24 hrs to a week, and they might be able to restore your email account contents.

If they are "spoofing" your account, what that means is they are sending email from a completely different email server but in the "from" field they are pretending to be you, and whatever different email server they are using for this has lousy security or is phony and allows that to happen.  There's not much you can do about that, but luckily such email usually gets directed to people's Junk folder as coming from suspect or blacklisted sources.

"Good" email servers now make sure that one signs on with correct credentials and are a legitimate user of that email server before allowing them to send.   That is why if the bad hacking hijack scripts and robots actually got into your actual account their spam email will be sent more successfully.

If you can examine the full header information of the spam emails that some of your friends are receiving supposedly from you, with a little skill one can figure out what email servers the message was routed through and what original IP address the message was sent from.

If someone forwards you at least two of them at once as an attachment (because a traditional normal forward or reply strips the header), then you should be able to open them and look at their full headers.

IF for instance, the message was routed from your hotmail through nothing but hotmail servers as its origin, well that would be evidence that your actual account was actually compromised.
On the other hand if it is going through bad or phony servers, best thing we all can do is identify it as junk, so the good servers and filters will learn, which is just a click away in hotmail, yahoo or gmail.

Unfortunately once they've got those email addresses in their list(s), they'll continue to try to send to them.

You want to make it difficult to use yours, and be fairly certain your system is not still compromised (using anti-spyware anti-malware anti-virus techniques already given by experts above), AND you most definitely want to be certain that your accounts are secured.
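Added example, not part of the original answers: one way to do the header check described above on a message a contact has forwarded as an attachment. It judges the message by the `Received` line written by the recipient's own mail server, because older `Received` lines are supplied by the sender and can be forged. The domains `friend.example` (recipient's server) and `webmail.example` (the account's provider) and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Common "from HELO (RDNS [IP]) by RECEIVER" layout of a Received header.
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]*)\s*"
                    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)")

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def verdict(raw, my_mx_domain, provider_domain):
    """Judge a message by the hop the recipient's own server recorded.
    Received lines older than that hop come from the sender and can be forged."""
    for value in message_from_string(raw).get_all("Received", []):  # newest first
        m = HOP_RE.search(value)
        if not m:
            continue
        hop = {k: v.lower() for k, v in m.groupdict().items()}
        # rDNS is looked up by the receiver; HELO is only the sender's claim.
        sender = hop["rdns"] or hop["helo"]
        if in_domain(hop["by"], my_mx_domain) and not in_domain(sender, my_mx_domain):
            kind = "sent-via-provider" if in_domain(sender, provider_domain) else "spoofed-from"
            return (kind, sender, hop["ip"])
    return ("no-trusted-hop", None, None)

# Constructed samples (documentation domains and addresses, not real traffic).
SPOOFED = """\
Received: from relay.bulk.example (relay.bulk.example [203.0.113.45])
 by mx.friend.example with ESMTP; Sun, 28 Nov 2010 10:02:11 -0500
Received: from out1.webmail.example (out1.webmail.example [198.51.100.7])
 by relay.bulk.example with SMTP; Sun, 28 Nov 2010 10:02:05 -0500
From: "A" <a@webmail.example>
Subject: look at this

(body)
"""
VIA_ACCOUNT = """\
Received: from out1.webmail.example (out1.webmail.example [198.51.100.7])
 by mx.friend.example with ESMTP; Sun, 28 Nov 2010 11:15:40 -0500
From: "A" <a@webmail.example>
Subject: look at this

(body)
"""

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("VIA_ACCOUNT", VIA_ACCOUNT)):
        print(name, verdict(raw, "friend.example", "webmail.example"))
```

In the first sample the older `Received` line names the provider, but the server that actually handed the message over was unrelated, so the result is `spoofed-from`; `sent-via-provider` means the message really left through the provider, which is the case that points at a compromised account.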

Author Comment

ID: 34232385
Together these comments formed the most thorough (and, hopefully, most effective) solution I've ever received.  THANKS !!

Expert Comment

ID: 35319631
When I start Outlook up, it starts sending emails to my contacts.  I have downloaded and installed all of this stuff, and NOTHING is finding anything.

This must be something new, any ideas?


Question has a verified solution.
