Those strange emails that friends send us …

Surely you ever received emails from your contacts that have no Subject and do not include any messages, just a meaningless link as in the following example:

This is an email that was not actually sent intentionally by the user, in fact you should not even know that the email was sent from your account. But even so, the link draws attention and even makes you want to click on it, something that usually happens when we receive messages from special contacts.

In this case we are before a typical spam that takes advantage of a WordPress violateor due to lack of maintenance (the owner or webmaster surely does not know that it was infected), it is easy to see that it is WordPress through the link directories wp-content / theme which are repeated in all the sites that use this CMS (content manager).

Spammers use them as camouflaged redirectors that lead victims to other sites with advertisements, fraudulent products, or exploits that attempt to infect computers. Trojans like Flashback spread in this way, when you click first you access the compromised site and are immediately redirected to the site controlled by the attackers.

Fake email actually comes from our contact's account and this may be for two reasons, your computer is infected or your email account is compromised. In either case, attackers can automatically send spam messages to their entire contact list.

Both elements allow them bypass antispam filters, the engine does not detect anything strange in the emails and lets them pass, since they come from a friendly contact and include an apparently harmless link.

At the end of the day, a simple email that doesn't seem to make sense actually has a whole lot of malicious work very well designed to send spam.

What to do in these cases?

Of course, you don't have to click on those links! Ideally, explain to our contact what is happening and recommend that, in addition to changing the password for your email, perform a full scan of your computer for viruses.

On the other hand, if you are a user of Hotmail there is another alternative, about a year ago this service included an option called My friend's account was hacked which allows to warn Hotmail that an account is compromised, that is, it is being used to send spam:

Once the option is clicked, a message like the following appears:

Thank you for informing us that your friend's account has been attacked by a hacker. Your information helps us identify those accounts that have lost their confidentiality.

It may seem like a selfish option, but in reality, nothing bad will happen to our contact's account, it will simply be monitored in a special way and if any strange activity is verified, a recovery process will be started to verify your data and change the password.

In the end this will benefit you and also all your contacts 🙂