This week I received an email from a friend wanting some advice regarding an email issue they were having. The email went along the lines of…
“I have become aware that someone is impersonating me recently using my email address. This person has been in contact with a friend of mine. Fortunately, they did not believe the person and just deleted the email. Today, I have had an email from Amazon saying a person got into my Amazon account! I immediately changed my password for Amazon.”
What should I do about this impersonator?
Unfortunately, there is not much you can do about someone sending an email under any name they choose; it's quite easy to do this in an email client. For example, if we take a look at the configuration of my email address “firstname.lastname@example.org”, we can see that the “Your Name” field is set to Tech Support Pro | UK (highlighted below), which will be used and displayed by the receiving email client.
If I send a test message from this account to one of my other email addresses, you can see that the message is from Tech Support Pro | UK, and the email address is email@example.com.
If I now go into the client and change the name to something different, you can see from the screenshots below what effect it has.
The point I’m trying to make here is that you can set the “From” field to absolutely anything you like; however, the “email” part remains the same. If you receive something unusual or suspicious from someone you know, first check the “email” field, highlighted below.
Mickey Mouse! <firstname.lastname@example.org>
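The check described above (look at the address, not the name), written out as an added example that is not part of the original post: a Python sketch that splits the From header into display name and address and compares the address with the one you already hold for that name. The address book, the sample messages and the verdict labels are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed address book: display name (lower case) -> address you already hold.
KNOWN_CONTACTS = {"john doe": "john.doe@example.org"}


def build_sample(from_value):
    """Build a constructed raw message with the given From header value."""
    return f"From: {from_value}\nTo: me@example.org\nSubject: Hello\n\nTest body\n"


# Constructed sample messages, not real mail.
SAMPLES = [
    build_sample("John Doe <john.doe@example.org>"),
    build_sample("John Doe <jd.payments@example.net>"),
    build_sample("Mickey Mouse! <firstname.lastname@example.org>"),
    build_sample('"john.doe@example.org" <someone@example.net>'),
]


def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return (display_name, address, verdict) for one raw message."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    name_key = " ".join(name.lower().split())
    if not address:
        return name, address, "no-address"
    # A name that is itself an address, different from the real one,
    # shows the reader one address while the mail comes from another.
    if "@" in name_key and name_key != address:
        return name, address, "address-in-name"
    expected = contacts.get(name_key)
    if expected is None:
        return name, address, "unknown-name"
    if expected == address:
        return name, address, "address-matches"
    # Known name, unfamiliar address: the case described in the post.
    return name, address, "name-mismatch"


if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_sender(raw))
```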
This is how I responded to my friend.
What I would say is that the impersonator is just trying his luck. The email he sent to your friend was probably also sent out to thousands of other email addresses, hoping someone has a friend called “John Doe” and responds to it. Fortunately, your friend just deleted it.
What About my Amazon Account?
As for your Amazon account, firstly change your password. Make sure you choose a strong password, something that contains at least six to ten characters, a mixture of lower & upper case letters, numbers & some special characters. The second thing I’d do is to enable Two-Step Verification on your Amazon account. To do this, go to “Your Account” – “Login and Security” – “Enable Two-Step Verification”.
Basically, with this enabled, you will enter your email and password as normal, but before Amazon grants you access, it will send you a text message to confirm it’s you.
As you can see, just be a little vigilant, check who you are replying to and give yourself a second or so to just check the person is who you think it is.
Stay Safe out there