All You Can Do is Practice Safe Computing - Nothing's 100%
Sorry to hear about your problem. Unfortunately, I believe your issue goes deeper than just a compromised email account. If you were only receiving unsolicited emails I'd tell you to just change your email address as the capture may not have come from your PC. You could have been the victim of a "roundup". Meaning your email was captured from an associates PC that was compromised.
However, since your friends are receiving emails that appear to have come from you I'm afraid you have a compromised PC. To keep the cleaning process short the best way to remove the infection is to wipe your HD and reload your OS. You can spend time (and money) trying programs designed to root out infections but unless you are very knowledgable about which programs to use the process can become very much an exercise in futility for the uninitiated. However, if you want to try and remove the infection yourself here's a good program to start with and it comes in free and paid versions:
If you go the route of wiping your HD and re-installing your OS be sure to back-up your personal files to a portable external HD. The backup mainly consists of everything stored in "My Computer" and any files you may have saved to your desktop. Take the HD to a professional and have it scanned for infections (i.e. your local computer store or one of the brick-n-mortar houses like Best Buy). You will be charged for the cleaning but at least you'll be 99.9% sure that you won't re-infect your system once you load the files back onto your newly reformatted HD. In fact you may want to let a professional do the reformatting of your HD and reload the OS as well. Note: If you are already practicing good computing by doing a back-up on a regular basis to an external HD then have that drive scanned for infections.
After having said all the above you may not have the dirty PC. But I'd say it's 90% sure that it is you since your associates claim the only unwanted emails are allegedly coming from your email address.
Ironically, your question on how to prevent your email from being infected was addressed in this forum back in October, 2011 in the Spyware, viruses, & security forum: Do you have the right weapons to deal with spam and phishing? Here's a reprint of my contribution to that topic:
?Be Afraid...Be Very Afraid
Just kidding with the title but you raise a very serious and real question about a problem that a lot of people are trying to combat. The discussion grows everyday in the private as well as public arenas. There's really no clear definitive answer as to what works best; as the bad guys are working overtime. Ironically, even the so-called "good guys" help to proliferate the problem; as I will touch upon later.
The lines separating Spam from Phishing are blurred. See the similarity by definition:
Spam: Also known as junk mail or unsolicited bulk email. Involves nearly identical messages sent to numerous recipients. Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books and are sold to other spammers. There is a practice known as "email appending" or "epending" that uses known information (such as postal address) to search for a target email.??
Phishing: An attempt to acquire information such as usernames, passwords, credit card details by masquerading as a trustworthy entity in an electronic communication. Usually carried out by email spoofing or instant messaging. Communications purporting to be from popular social websites, auction sites, online payment processors and the like.
In short...Phishing can morph into Spam and Spam can morph into Phishing. ??
Forms of protection from Spam and Phishing come in a plephera of varieties just to name a few:
1.Passive protection in programs like Outlook, Mail (Mac OS X), Eudora, GMail, YahooMail and others that allow you to set filters, rules, block addresses and block ISP's (xxx.com).
2. Passive protection found in web browsers (IE9, FireFox, Chrome, Safari (via App Store), Opera etc) that use a community based rating system to warn against suspicious sites?
3. Active Protection found in Internet Security Suites (too many to name like Norton, Eset, TrendMicro etc ) with email filtering tools
4. Active Protection found in Spam and Phishing protective services like Barracudanetworks.com or Secureworks.com and the list goes on.??
However, use of any preventive product or service is of little help if the user doesn't practice safe computing. Here's a short list:
1.Watch out for "phishy" emails. The most common form? of phishing is emails pretending to be from a legitimate retailer, bank,?organization, or government agency
2. Don't click on links within emails that ask for?your personal information
3. Beware of "pharming." In?this latest version of online ID theft, a virus or malicious program is?secretly planted in your computer and hijacks your Web browser. When you type?in the address of a legitimate Web site, you're taken to a fake copy of the?site without realizing it.
4. Never enter your personal information in a pop-up?screen.?
5. Only open email attachments if you're expecting them ?and know what they contain
6. Know that phishing can also happen by phone. You may get a call?from someone pretending to be from a company or government agency, making the?same kinds of false claims and asking for your personal information?
7. If someone contacts you and says you've been a?victim of fraud, verify the person's identity before you provide any personal?information ?
8. Job seekers should also be careful. Some?phishers target people who list themselves on job search sites.
9. Report phishing, whether you're a victim or not. Tell the company or? agency that the phisher was impersonating
10. Take action immediately if you've been hooked by a?phisher. If you provided account numbers, PINS, or?passwords to a phisher, notify the companies with whom you have the accounts?right away. For information about how to put a "fraud alert" on your files at?the credit reporting bureaus and other advice for ID theft victims, contact the?Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338, TDD 202-326-2502.???
When shopping online at legitimate sites (the "good guys") be careful and look for boxes that are pre-checked for you to receive offers and/or communications from them or their partners. Be sure to uncheck the boxes and opt-out if you don't want to receive any communications. Even legitimate retailers count on you not unchecking the boxes to opt-out.??
I hope this helps although it sounds like you were doing a lot of this already. Sometimes bad things happen to good people. All you can do is your best to avoid the pitfalls.
Good luck in resolving your issue.
Together Everyone Achieves More
Was this reply helpful? (7) (1)