- Can A Mac Get Hacked
- I Have Been Hacked
- Has My Computer Been Hacked
- Is My Mac Hacked
- Has My Phone Been Hacked
- My Mac Address Book Has Been Hacked Free
Signs your Apple ID has been compromised
Apr 08, 2009 Most of us have seen those spoof e-mails, when a personal e-mail address has been commandeered for the purpose of sending spam, but in this case, to everyone in your address book. You can be hacked while having an antivirus and firewall on, but someone having your IP address and/or MAC address is not much of a factor. IP addresses and MAC addresses are not secret, and someone having them makes very little difference in how.
Jul 24, 2010 Somehow my @comcast.net e-mail account is sending e-mails with a one line link to various members of my address book. 15-20 per day. The link address. Mar 08, 2013 My Mac's Been Hacked! Mac users get hacked, too. Here are some tips for when you think your Apple's core is rotten with malware. March 8, 2013 facebook.
Mar 25, 2020 If you think your Apple ID is compromised, use these steps to gain control of it and review your account information: Sign in to your Apple ID account page.If you can't sign in or you receive a message that the account is locked when you try to sign in, try to reset or unlock your account. Change your Apple ID password and choose a strong password.
Your Apple ID might be compromised if you receive an account notification from Apple for a change you didn't make, or if you notice account details or changes you don’t recognize. For example:
- You receive an email or notification that your Apple ID was used to sign in to a device you don't recognize or did not sign in to recently (for example, 'Your Apple ID was used to sign in to iCloud on a Windows PC').
- You receive a confirmation email from Apple that your Apple ID password was changed or your account information was updated, but you don’t remember making any changes.
- Your device was locked or placed in Lost Mode by someone other than you.
- You see messages you didn't send, or items you didn’t delete.
- You see charges or notices for purchases that you didn't make. Learn what to do if you see an unfamiliar iTunes Store or App Store charge on your credit or debit card statement.
- Your password no longer works, or it might have been changed or locked.
- You don't recognize some or all of your account details.
If you received an email, text message, or phone call that you're not sure is valid or you think might be phishing, here are some tips to help determine its legitimacy.
Gain control of your Apple ID
If you think your Apple ID is compromised, use these steps to gain control of it and review your account information:
- Sign in to your Apple ID account page. If you can't sign in or you receive a message that the account is locked when you try to sign in, try to reset or unlock your account.
- Change your Apple ID password and choose a strong password.
- Review all the personal and security information in your account. Update any information that isn't correct or that you don’t recognize, including:
- Your name.
- Your primary Apple ID email address.* If you need to change your email address, update the features and services that you use with Apple ID, so that each one is using your updated Apple ID.
- All alternate email addresses, rescue email addresses, and phone numbers.
- The devices that are associated with your Apple ID, if you've already set up two-factor authentication.
- Security questions and answers. If you think they might be easy to guess, you should change your security questions.
- Check with your email address* provider to make sure that you control every email address associated with your Apple ID. If you don't control the email addresses associated with the Apple ID, you should change the password for the email address or use a different email address.
- Set up two-factor authentication for your Apple ID. This additional security feature is designed to prevent anyone from accessing your account, even if they know your password.
* In China mainland and India, you can use your phone number as your Apple ID.
If you completed the steps above and think your account might still be compromised, contact Apple Support.
Know which Apple ID is signed in to your device
If you're signed in on your device with an Apple ID that you don't recognize, use these steps to sign out, then back in with a different Apple ID. To make sure that you're signed in to Apple IDs that only you control or trust, you can check the following settings on each of your devices:
iPhone, iPad, or iPod touch:
- Settings > [your name]
- Settings > [your name] > iTunes & App Store
- Settings > Messages > Send & Receive
- Settings > FaceTime
Mac:
- System Preferences > Apple ID
- System Preferences > Internet Accounts
- Messages > Preferences > Accounts
- Facetime > Preferences > Settings
- Mail > Preferences > Accounts
- Calendar > Preferences > Accounts
You should also check iCloud for Windows, your AirPort Time Capsule or other AirPort Base Station, and your Apple TV (for iCloud Photos or Home Sharing).
Make sure your Apple ID is secure
Because you use your Apple ID for so many Apple products and services, you should make sure that your Apple ID is as secure as possible. You should be the only person who knows your password and can sign in with your Apple ID. If someone you don’t know or don’t trust can sign in with your Apple ID, your account is not secure.
Your Apple ID might not be secure for the following reasons:
- Someone else created an Apple ID on your behalf, or you’re using an Apple ID that was already signed in when you received your device.
- You’re sharing an Apple ID with family or friends. Your Apple ID is your personal account. If you want to share purchases with a family member, use Family Sharing. With Family Sharing, you can share a calendar, photos, reminders, and more without sharing your Apple ID.
- You don’t recognize the Apple ID that is signed in on your device.
- You shared your password with someone else intentionally or unintentionally. For example, someone else selected your password for you, you told someone your password, or you entered your password on a phishing site.
- You don't have control of the email address or phone number associated with your Apple ID.
- Your password is weak or is compromised.
- You share your devices with someone else, your devices are not protected by a passcode, or your passcode is easy to guess.
If any of the above are true, you should reset your password as soon as possible and review your account information.
by Rich PascoUpdate August 2019: Ads claiming your friend's endorsement
Most of this page discusses spam (unsolicited commercial e-mail) where your or your friend's email address appears on its “From:” line. There is another class of spam, where the “From:” line accurately reflects the commercial sender but the body of the message cites your friend's name or e-mail address claiming that said friend endorsed their product and requested them to contact you.
Can A Mac Get Hacked
One of the ways I avoid getting spam is that I only give my e-mail address to friends and businesses I trust. Of course, that strategy doesn't work if my friends then give it to businesses so that they can send me spam.
On August 15, 2019 I received two pieces of spam (unsolicited commercial e-mail) from bookbub.com, one each to my old e-mail address and to my new one. In this copy I have redacted my friend's e-mail name:
I Have Been Hacked
When I received this, I contacted my friend and repeated my often-stated request: “Please do not give my e-mail address to anyone without my permission. This includes entering into a web site. If you think there is someone or some business that I should know about, then please send me a private message telling me about it so that I can decide whether or not I want them to have my e-mail address.”I was surprised when my friend denied having given anyone my e-mail address. Further investigation revealed that in the process of subscribing to this service, their system had requested permission to access her contact list, which she had obediently granted. Then everyone in her contacts received a copy of the same advertisement.
One of our mutual friends noted the unsubscribe link at the bottom of the message and said that he had clicked it.
I replied that I have mixed feelings about clicking on it. On the one hand, if bookbub is honorable they will respect that and not send me any more invitations, even if someone else enters my e-mail address. On the other hand, clicking on it acknowledges that I did, in fact, receive and read their advertisement, and if they are unethical, that fact could encourage them to send more. I decided that since I got the ad via two different e-mail addresses, I will try to unsubscribe one and not the other to see if there is any difference. The Lesson: The lesson from all of this is: Whenever you're subscribing to any on-line service, whether via their web site or via their cell-phone application (“app”) you should never grant them permission to access your contact list. Unless, of course you really do want to flood all your friends with advertisements, in which case you should re-evaluate the importance of your friendship. Such permission is granted on the web by entering your e-mail password (which no legitimate business needs to know) or with a cell-phone app as part of its installation dialog. If the app won't install without the access to your contact list it demands, then don't install it.
Update January 2019: Mail from your own e-mail address
There is a scam going around where scammers spoof (forge) your own email address onto a message to you, in which they claim that as proof that they have hacked into your e-mail account. In most cases that claim is not true, so don't fall for it. Actually the sender of an e-mail can put any address they want onto their “From:” line as easily as they could hand-write any return-address in the upper-left corner of a paper envelope in the postal mail. Some hints to determine whether a message was really hacked or merely spoofed are in the section Hacked or Spoofed? below.
Update December 2017: Junk from friend's name with wrong e-mail address
Note: When this page was first written years ago, it was all about junk mail you receive whose “From:” line includes your friend's real e-mail address, and conversely, junk mail which your friends receive apparently from yours. If this is your situation, please skip the rest of this section and continue reading at “Junk from friend's real e-mail address” below.
Since then, several friends have asked about a whole new class of spam, where the “From:” line includes the name of a friend of the recipient but an unrelated e-mail address. I have received questions like these:
- A friend just wrote to me, alarmed, because he received an email that appeared to be from me and that contained a dangerous link. He said he then looked at the return address, and it wasn't actually from me. I have never knowingly given address book access to any programs or apps other than gmail itself. How could this have happened, and is there anything I should do now?
- I keep getting obvious spam “from” people who are in my address book but with different email addresses than my friends'. It's kind of disconcerting. I cannot figure out how this may have happened.
Spammers have been sending out a lot of spam with the names of my friends on the “From:” line but with a random e-mail address. Because the e-mail address is different, I know it didn't really come from my friends.
As to how the spammers know the names of my friends, that remains a mystery to me. I doubt that they intercepted an e-mail because then they would know my friends' e-mail addresses too. It's still in my go-figure file.
As to what to do about it, I set up a filter in my e-mail program (Mozilla Thunderbird) to look at the “From:” e-mail address on incoming messages. If that address is not in my contacts, it routes it to my “Unknown Sender” folder. That way only messages with my friends' real addresses remain in my main Inbox and get my immediate attention, as yours did. Every once in a while I glance over the messages in my “Unknown Sender” folder looking for bona fide messages from people whose address is not yet in my contacts. If I find one of then, I reply to it, which automatically enters their address into my contacts. Otherwise, if it looks phony (e.g. just a link with no personal text) then I flag it as spam.
Again, that's what I do in Mozilla Thunderbird. I cannot advise about other e-mail applications which I do not use.
Junk from friend's real e-mail address
Very often, I receive junk mail (spam) with a “From:” address of one of my contacts, for example a friend or fellow team member. The mail might contain an advertisement for Viagra or replica Rolex watches, a sad story about being robbed while on vacation (and please wire money), or just a link to a web site which could download malicious software onto my computer. In such cases, I delete that e-mail without clicking on the potentially dangerous link.
Just as often, a friend or fellow team member contacts me stating that junk mail is going out in their name and asking what to do about it. Here is what I reply:
Hacked or Spoofed?
It is important to know whether your mail is hacked or spoofed. Let's define these terms:
- hacked
- Mail is actually being sent from your account by someone logged in to your server as you.
- spoofed
- Mail is being sent from somewhere else with your address being forged onto its “From:” line.
- Full name
Look at the “From:” on the junk mail your friends received. If your e-mail system normally sends your mail showing your full name followed by your e-mail address in <angle brackets> on its “From:” line, then if it is hacked and used to send junk mail, the junk mail will also show your name and address in the same way. Conversely a spammer spoofing just your address wouldn't know your name and could not do this.Exception: Unfortunately, America On-Line (AOL) does not always put the full name of its subscribers on e-mail it sends. So the absence of a name from an AOL header is normal and does not suggest that it was spoofed. - Your address book used
If many of your personal correspondents are simultaneously getting the same junk mail from your address, that's a pretty sure indicator that it's coming from your account, because the sender has access to your personal address book. (Someone otherwise forging your address onto their “To:” line would not be able to target all of your friends at once, and would be very unlikely to hit any of them at all.) - Launching Server
Look at the full headers (usually hidden) on one of the junk messages as received. Among the headers are a bunch of postmarks, lines beginning “Received:”. The oldest one (farthest down the list) explains how the message was first launched into the e-mail network; subsequent ones (farther up toward the top) track its travel to you. If the early ones name a server on your e-mail provider (Yahoo, Hotmail, Google, or whatever) that tends to suggest that your account was hacked. - Copy in “Sent Mail”
Look in your “Sent Mail” folder. If you find copies of the junk mail there, then certainly the hacker sent the mail from your account. (Conversely, it means nothing if you don't; he could have deleted them after sending.)
![Hacked Hacked](/uploads/1/2/6/4/126420104/604897324.jpg)
After you know which applies to you, please see the appropriate section below.
Hacked: E-mail sent from your account
If junk mail is being sent from your account, then you must change your e-mail password. You must also learn how they got your old password, so that they don't get your new one by the same method. It's also a good idea to change your password periodically, even if you don't suspect trouble.
What makes a good password?
Use a password which is not easy to guess or discover by trial-and-error: don't use your mother's maiden name, your birthday, or a word from the dictionary. Do use a mix of upper and lower case letters, numbers, and even some punctuation if your system allows it.
So how did they get my password in the first place?
Some people think that once they've changed their password they're done. Let me ask: If you found a burglar wandering through your house with a copy of your house key, wouldn't you wonder how he got it?
So the next question you need to answer is how they got your password in the first place. You need to know this so you can prevent them from getting your new password! Here are some possibilities:
- They guessed it or discovered it by trial and error. Bad passwords include your name, your birthday, a word from the dictionary, etc. See also ”Passwords You Should Never Use.”
- They obtained it from your service provider by clicking ”lost password” and answering your security questions with information they know about you (mother's maiden name, childhood pet, etc.)
- You gave it to them, by typing it into their web site. The strongest password in the world is no good if you give it away for the asking! Maybe the web site was a phony one mimicking the login screen for your e-mail service. Or maybe it promised some freebie (e.g. cup of coffee) if you just enter your e-mail address and password. A social networking site may ask for your e-mail password to invite your friends to join their network. Or you may get a phony e-mail, ostensibly from your service provider, asking you to click on a link to a form and enter your information to “confirm” your account.
- You used the same password on another site. Many web services require you to sign up with a username and password. Do not choose the same password as for your e-mail account! Doing so would give the operator of that site access to your e-mail account, to read your mail and to send out mail in your name.
- A “spyware” program in your computer (or a public computer you used) saw it. Spyware is malicious software which runs stealthily in the background, virtually looking over your shoulder and sending what you type back to its headquarters. One form of spyware, key logging software, quietly records every keystroke you make. Many virus scanners do not detect spyware, so you should periodically scan your computer with a specific spyware scanner. One I recommend for Windows users is Spybot Search and Destroy; another is Malwarebytes Anti-Malware Free. For information about how the spyware got onto your computer in the first place, see my essays Every Trick in the Book and About Executable Files.
If you let a stranger have your e-mail password, you give them full access to your e-mail. They can read your personal correspondence, send mail in your name, access and abuse your address book, send junk mail to your friends, and so much more.
Never give your e-mail password to anyone or enter it into any web site other than your own e-mail server in the normal course of logging in to read your mail. |
Will changing my password fix everything?
Yes and no.
It will stop the hacker who knew your old password from using it to log in to your account again. However, if he copied down your address book during the time he had your password, then he can continue to use his copy to send junk mail to your contacts forever. He can even spoof (forge) your contact info onto his “From:” line so that future mail seems to come from your account, even when it does not (see below). Basically, once someone knows something, there is nothing you can do to get him to forget it and not use it any more. That is why it is vitally important to not let him have it in the first place.
Also, if you don't know exactly how the hacker got your old password, consider that he might use the same trick to get your new one. For example, if your computer is infected with spyware, it could report your new password back to its master as easily as it reported your old one.
Should I change my e-mail address?
Sometimes the first reaction of people whose e-mail accounts have been hacked is to close that account and open a new one. This is seldom necessary, and necessitates notifying all of your correspondents of your new address.
Closing an account may be useful if you're receiving a lot of spam, but that's not the subject of this essay. We're talking about someone else signing in to your account as if you, in order to send spam. In that case, changing your password as described above should fix it. And if for some reason it doesn't, i.e. the hacker gets your new password, somehow, then he could probably just as easily get the password to any new account you might create.
Close out old, unused e-mail accounts
Don't just abandon old e-mail accounts. Close them out with the service provider so they cannot be used again.
Sometimes when I phone a friend to tell them their e-mail account has been compromised, they say, “Oh, I don't even use that account any more.” I encourage them to contact their service provider and close the account. Leaving it open not only makes it available for malicious use, it also risks your reputation.
For more about hacked e-mail, see:
- Serious Security: When randomness isn't – and why it matters by Paul Ducklin, Sophos Naked Security, March 8, 2019
- Can emojis save you from a terrible password? by John E Dunn, Sophos Naked Security, March 2, 2018
- 6 Ways Your Email Account Can Be Hacked by Jackie Roberts, AVG,, August 8, 2016
- These researchers have discovered the perfect password that's also easy to remember by Ana Swanson, Washington Post, October 22, 2015
- These Were The 25 Most Popular Passwords In 2015 by IFL Science
- 2 million Facebook, Gmail and Twitter passwords stolen in massive hack by Jose Pagliery, CNN Money,, December 4, 2013
- Beware Twitter “password check” sites - there are fakes, and there are fake fakes! by Paul Ducklin, Sophos Naked Security, April 24, 2013
- Phishing attack against MSN/Hotmail users - a new year, but old tricks still persist by Graham Cluley, Monday, January 14, 2013
- Yahoo! Hacked: What You Need to Do Now by Shelly Palmer, Huffington Post, July 16, 2012
- The worst passwords you could ever choose exposed by Yahoo Voices hack by Graham Cluley, Sophos Naked Security, July 13, 2012
- How to Check if Your Yahoo, Gmail or AOL Passwords Were Leaked by Samantha Murphy, Mashable, July 12, 2012
- One Quick Way to Find Out if Your Email and Password Have Been Hacked by Will Oremus, Slate, July 12, 2012
- Yahoo confirms 400,000 accounts hacked, less than 5% valid by Emil Protalinski, ZDNet, July 12, 2012
- Yahoo Confirms, Apologizes For The Email Hack, Says Still Fixing by Ingrid Lunden, TechCrunch, July 12, 2012
- How I'd hack your weak passwords by John Pozadzides, Lifehacker, December 16, 2010
- Creating a strong password from Google
- How Big is Your Haystack .. and how well hidden is YOUR needle? from Gibson Research Corp.
- How Secure is My Password? sponsored by Dashlane
Spoofed: Your address forged onto the “From:” line
Conversely, if the mail is being launched via some other route than through your e-mail account, there is little you can do to stop it. The “From:” address on an e-mail is easier to forge than the return address in the upper-left corner of a postal envelope, and is in no way proof of where a message really came from. Once spammers know and use your e-mail address in this way, you can't stop them.
Keep your e-mail address private
Microsoft windows 10 hacked. There is a lot you can do to prevent your address from being used in the first place: Keep it private to only your trusted friends and private communities; never post your e-mail address on a web site or publicly viewable forum.
Not only will keeping your e-mail address private prevent you from receiving junk mail, more importantly it will prevent spammers from forging your address as the source of junk mail.
Keep your contacts' addresses private
Out of respect for your friends and business contacts, safeguard your e-mail address book as if it were gold. Giving it to strangers invites them to send junk mail to your contacts, and/or to spoof their addresses onto junk mail they send to you and others.
Don't give out your friends' e-mail addresses without their permission. For example, don't type them into a web site that offers to “send this article to a friend” unless they have a clearly stated privacy policy. Otherwise, if you wish to share a web site with a friend, just copy its address from the address bar of your browser and paste it into an e-mail to your friend, with an explanatory introduction. That way, it will be up to them whether or not to access that site.
Spoofs in your inbox
This article is mostly concerned with situations where your e-mail address appears on the “From:” line of junk mail sent to others. Conversely, however, no discussion of spoofing would be complete without mentioning spoofs you'll find in your inbox.
Because many e-mail programs now regard mail from unknown addresses with suspicion, and spammers have a vested interest in gaining the confidence of their targets, many spammers will spoof onto their “From:” line an e-mail address which many people will have in their white list of acceptable senders. This might be the address of a popular financial institution or a social networking site. In many but not all of these cases, the body of the mail is also designed to resemble a notification from one these services, like ”your bill is ready” or “you have an update,” so click here for details. For more about these spoofs, see my companion essay, ”Every trick in the book: how hackers take over your computer.”
Spam from your friend's name but random e-mail address
I have received an increasing number of reports where spam is delivered with its “From:” line bearing the name of one of the targeted recipient's contacts, in conjunction with a random e-mail address (not the real e-mail address of the supposed sender).
It remains a mystery how the spammer knows the names of the target's contacts but not their e-mail addresses. If the spammer had intercepted a prior e-mail, in that case the spammer would have known the contact's real e-mail address and probably would have used it in conjunction with the contact's name, instead of the random address. So I keep looking for other explanations.
One possible explanation is that the spammer visited the target's Facebook page and there looked at the target's list of Friends. That might explain how he knew their names but not their e-mail addresses. This is one reason I advise my clients to hide their list of Facebook Friends from public view. The other, primary reason, is to reduce the incentive for an impostor to clone their profile and send Friend requests to all of their real Friends. If you are receiving spam like this, I would recommend that you review the settings on your personal Facebook account, and to change them such that your list of Friends is not open to public view. Detailed directions on how to do this are here: Keep your Friends list non-public
That way, a spammer intending to send you junk mail will not know whose name to spoof on his “From:” line.
Of course, nothing you can do now will force spammers to forget what they already know.
For more about spoofed e-mail, see:
Has My Computer Been Hacked
- “From” Spoofing: How Spammers Send Email that Looks Like it Came from You by Leo Notenboom, Ask Leo
Where in the world is the hacker located?
Here's how I determined the physical location of a hacker who took over my friend Patrick's e-mail account. You may utilize this technique, being aware that the details may vary depending on your e-mail software and the nature of the hack.
Step 1: Determine hacker's IP address
I opened the hacked message in my e-mail client reader (Mozilla Thunderbird), and invoked “View Message Source”. The exact command varies depending on your e-mail client software. In some others it is “View Full Headers.”
When looking at the headers of a message, you will see a bunch of lines beginning “Received:”. These are like postmarks, added by each server that handles a message on its way to you. They are in reverse chronological order, the older ones farther down the page. The oldest one tells the origin of the message:
The hacker's IP address is 41.71.188.54 |
Step 2: Locate IP address on the planet
Next, I invoked IP2Location at to tell me where in the world this is located. This commercial system allows unregistered guests 20 free lookups per day. I entered 41.71.188.54 into their demo form and got:
The hacker is in Nigeria, state of Lagos, town of Badagry |
You can see this on a Google Map or learn more about the place in Wikipedia.
So, What Was Your First Clue?
Feedback from Contacts
Whenever I get obvious spam (junk mail) from a friend's account, I hit “Reply-to-All” to alert my friend and all of his correspondents to the problem. Often, my friend was unaware that his account was spoofed or hacked until he hears from me. And sometimes, the copy that the other recipients get alerts them to the problem so they don't take the bait and click the malicious link.
Bounce Messages
A bounce message is an automated reply from a mail server reporting that an e-mail message was not deliverable as addressed, perhaps because the address is invalid, or the recipient's inbox is full. I was stunned recently when a friend told me that he just deletes “return to sender” bounce messages unread. You should always carefully read bounce messages! They are very important!
They say exactly why your message was bounced. If the address to which you sent it is no longer valid, then you should delete the invalid address from your contacts, and, if appropriate, call up your contact on the phone to get their new address.
Usually the bounce message include a copy of the e-mail you tried to send, or at least its headers. Look at it! If it is really an e-mail you tried to send, then you just need to update your contact's address as above. If not, then the fact you're getting a bounce of a message that you did not knowingly send is the first clue that your account has been spoofed or hacked, a matter which you should take very seriously.
Is My Mac Hacked
References
Sender Policy Framework From Wikipedia, the free encyclopediaHas My Phone Been Hacked
Feedback Please
As the author of this page, Rich Pasco would appreciate any feedback you may have to offer. If your e-mail account was hacked, please let me know whether this page was helpful in resolving the problem. I would especially like to know how the hacker took control of your account in the first place, and what steps you took to secure your account and prevent a recurrence. You may e-mail me directly or use this form.
My Mac Address Book Has Been Hacked Free
Copyright © 2010-2011 Richard C. Pasco. All rights reserved.