What Can You Do if Someone Has Spoofed Your Email Address?

Spoofed email is email that appears to be from you that you did not send. Spammers often use email spoofing to hide where the email actually originated. While a spoofed email does not necessarily indicate your email account has been hacked, it is good practice to secure your email address by changing your passwords, connecting securely and notifying your email provider and contacts about suspicious messages.

While not all email spoofing involves a hacked account, it is a good idea to change the password, just in case. Changing your password is an extra safeguard against your account being compromised even further. Choose a strong password that includes alphanumeric characters, different cases and special symbols, if your email provider allows it. Password length and character limitations vary between email providers, so it is a good idea to check with your email provider for their specific limitations.

Your email address and/or user credentials may have been compromised by malware running on your computer system. Run a virus and malware scanner on your machine to ensure your computer does not have any malware that may have compromised your computer. Help protect your computer by updating your operating system with the latest security updates.

Whenever possible, connect to your email securely, either by using a secure Web connection when connecting to Web-based email or by setting up an SSL connection to your mail in your desktop email client. Consult your email provider for more information about secure email connections.

Once you have changed your password and checked your computer for any malware, it is a good idea to send a message to people on your email contacts list, warning them about opening or viewing any suspicious email from you. A warning in the subject line can help your contacts identify which messages are your legitimate messages and which ones are not.

Notify your mail provider if you believe your email account has been spoofed. This will help your mail provider better monitor their mail servers and may also help in case disgruntled recipients of emails spoofed from your account contact your mail provider's support team. Web mail providers like Gmail and Yahoo! Mail have a "Report Spam" button you can use to send individual messages to the mail service to review. If you use an email address provided by your Internet service provider (ISP), it is a good idea to contact your ISP's customer service about email spoofing. You can also notify the FTC about spammers by sending the full email, including headers, to spam@uce.gov.