I received an interesting e-mail the other day. It was an advertisement for a Web site (i.e. spam) that supposedly offered Swiss watches for sale. Now I get a lot of this type of spam every day, but there was one thing that set this one apart -- it was from me!
I displayed the full headers and discovered that the "reply to" field was actually another Yahoo account. I reported the spam to Yahoo, which promptly checked my account and discovered that a spammer was "hijacking" my e-mail address and copying it into the "From" header of the e-mail. Luckily Yahoo Customer Service assured me my account had not been accessed.
Yet even though my account was still secure, I was in a sense a victim of identity theft. While no personal or financial information has been accessed, the fact remains that someone out there is sending spam that appears to originate from me. Even though the incident has been reported, I am still getting occasional e-mails from email@example.com advertising Top Quality Replica Watches.
And if I'm still receiving this spam, odds are other people are getting it also -- and this is my concern. Who else out there is receiving an e-mail supposedly from me that directs them to a Web site that may contain malware, adware or spyware? How many of my friends, relatives, business acquaintances or previous contacts are being tricked by this?
Does the CIO I communicated with a year ago now have spyware on his computer because of an e-mail he thought was from me? Have some of my previous employees had potentially destructive code downloaded onto their PCs because they accessed a Web site they thought was mine? Are any of my business contacts about to have their credit card information stolen because they think they're buying a watch that I am supposedly recommending?
My e-mail address is basically public information. It's shown at the bottom of this column, printed on my personal correspondence, displayed on my business cards, easily obtained from any e-mail I ever sent, and accessible via a variety of Internet directory services.
And so is yours! Anybody who has ever sent an e-mail is conceivably at risk. Anyone reading this column could get an e-mail from themselves advertising replica watches.
This e-mail hijack is more of a nuisance than a threat when compared to the financial and personal risks associated with other types of identity theft, but it highlights how easy it is for someone to obtain -- and abuse -- your information.
This has been a wake-up call to me. While I was always fairly careful with my personal information, I now take online security very seriously. I use the highest password strength I can and change my passwords regularly. I audit my online accounts, remove any unused credit card information, and delete accounts I haven't used recently. I insure my virus check subscriptions are updated regularly and scan all my PCs at least weekly for adware, spyware or malware.
The advent of e-commerce has brought an evolution in marketing with both personal and business benefits -- and risks. But with a little diligence, the risks can be managed.
So keep on shopping online, but be careful. And don't buy any watch offered in an e-mail from firstname.lastname@example.org. I don't recommend them!