SPAM and Hijacked Outlook Contacts

I recently began getting notices from some of my Outlook contacts that they have been contacted by "ME" via email with a link (one example of the link is:  This has happened several times, each time with a different "selection" from my Contacts list, and always with a link that ends in "php".  I have not followed the link fearing it is malware, and have notified everyone in my list to avoid opening attachments or following links UNLESS they come with a specific, non-generic cover note.  However, now that this is continuing, I am wondering if there is a way to stop it without cancelling my long-term email account.  I have run several scans of my system, and there doesn't appear to be anything ON my system.  Advice?



Britt Thompson (Sr. Systems Engineer) commented:
You may have a rootkit or someone may be spoofing your email address or may have hacked into your email account. First, change your email password. Second, run scans with ComboFix, Malwarebytes and Hitman Pro. Hitman Pro gets rid of rootkits that nothing else can touch.
ocanada_techguy commented:
Change your passwords.
Do you use this email account for Facebook?  As a rule, use different passwords for Facebook and the email account associated with Facebook.  Why?  Because rogue apps on FB will sometimes fool one into giving their credentials and then the first thing the rogue developers do is try that same password and email address to see if they can get in the email.
A similar but different phish that's a classic is websites that entice people to provide their email and password to find out who has them blocked on messenger or some other seemingly very useful and appealing but totally BS offer.

This is "social engineering".  Another bit of social engineering is they feel as though people are more likely to follow links and open their junk if it appears to come from somebody you know as opposed to a complete stranger.  Therefore what they often do is, once they get on someone's machine or get into someone's email, they look at all the email messages of the past, and then use the email addresses found in the messages as to who to pretend to be from and who to send to.

Example: among all the email messages there is an email that was forwarded to B, C, D, E, and F, from you A, and a bit further in the body of the message it shows it was sent to you A, along with P, Q, R, S, T from original sender Z.  Well, then the spammers send a spam A to B, D to A, S to Z, etc and so on, figuring these people "know" each other.

So you see, it might be something bad on your computer, or it might not be "on" your computer at all, it might be a website that you disclosed your credential to, or it might be a friend or acquaintance's email that was actually compromised and now it pretends to be all that person's friends.

By the way, this doesn't have to be people doing this, they write rogue programs to do it.  "bots"  That is what 90% of hijack virus spyware is used for, to try to capture your passwords, or get into your content, or glean your online banking information, or to hijack your computer and use it as a phony email server to send or be a relay point to send spam via.

Another big one is to get into the address book or online contacts.  Using Outlook are you accessing this email account as a hotmail, yahoo, or gmail account that simultaneously offers webhosted email?  Something else to check if it is a hotmail (aka Windows Live) is some of the latest hijack bots are also going into your account and deleting contacts and emails.  In hotmail on the menu Contacts> Manage contacts you can now undelete any contacts deleted in the last 30 days.  If they had deleted all of your emails, or most of them, you'd have to contact a Windows Live technician via the Windows Live forum fairly quickly, preferably within 24 hrs to a week, and they might be able to restore your email account contents.

If they are "spoofing" your account, what that means is they are sending email from a completely different email server but in the "from" field they are pretending to be you, and whatever different email server they are using for this has lousy security or is phony and allows that to happen.  There's not much you can do about that, but luckily such email usually gets directed to people's Junk folder as coming from suspect or blacklisted sources.

"Good" email servers now make sure that one signs on with correct credentials and is a legitimate user of that email server before allowing them to send.  That is why if the bad hacking hijack scripts and robots actually got into your actual account their spam email will be sent more successfully.

If you can examine the full header information of the spam emails that some of your friends are receiving supposedly from you, with a little skill one can figure out what email servers the message was routed through and what original IP address the message was sent from.

If someone forwards you at least two of them at once as an attachment (because a traditional normal forward or reply strips the header), then you should be able to open them and look at their full headers.

IF for instance, the message was routed from your hotmail through nothing but hotmail servers as its origin, well that would be evidence that your actual account was actually compromised.
On the other hand if it is going through bad or phony servers, best thing we all can do is identify it as junk, so the good servers and filters will learn, which is just a click away in hotmail, yahoo or gmail.

Unfortunately once they've got those email addresses in their list(s), they'll continue to try to send to them.

You want to make it difficult to use yours, and be fairly certain your system is not still compromised (using anti-spyware anti-malware anti-virus techniques already given by experts above), AND you most definitely want to be certain that your accounts are secured.
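
The header check described in the comment above, as an added example that is not part of the original thread: it reads the `Received` lines of a message saved with its full headers, lists the relay hops in sending order, and reports whether the first server to accept the message belonged to your mail provider. The sample headers, host names, IP addresses and the `mailprovider.example` suffix are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample headers: every host and IP below is made up
# (reserved documentation ranges and .example domains).
SPOOFED = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.bulk-sender.example (relay.bulk-sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.bulk-sender.example with SMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "A Friend" <a.friend@mailprovider.example>
To: b@recipient.example
Subject: (constructed)

(body omitted)
"""
# Same message, but first accepted by the provider's own outbound server.
COMPROMISED = SPOOFED.replace("relay.bulk-sender.example",
                              "smtp-out.mailprovider.example")

HOP = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def trace(raw):
    """Return the relay hops in sending order (earliest first)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the list is reversed.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def assess(raw, provider_suffix):
    """Classify by which server first accepted the message, plus the origin IP."""
    hops = trace(raw)
    if not hops:
        return "no-received-headers", None
    host = hops[0]["by"].lower().rstrip(".")
    via_provider = host == provider_suffix or host.endswith("." + provider_suffix)
    # Received lines written before a server you trust can be forged by the
    # sender, so treat the verdict as evidence rather than proof.
    verdict = "submitted-via-provider" if via_provider else "sent-from-other-server"
    return verdict, hops[0]["ip"]

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("compromised", COMPROMISED)):
        print(name, assess(raw, "mailprovider.example"))
```
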
philsimmons (Author) commented:
Together these comments formed the most thorough (and, hopefully, most effective) solution I've ever received.  THANKS !!
When I start Outlook up, it starts sending emails to my contacts.  I have downloaded and installed all of this stuff, and NOTHING is finding anything.

This must be something new, any ideas?
Question has a verified solution.
