Guidry: Is your old email account sending spam?

ver wonder what happens to your old email accounts? As technology changes and we move on to new sites, our old accounts are left languishing ... and are sometimes used to nefarious ends.

I’ve been seeing an uptick lately in the number of spam messages I’ve received from old accounts. Many of these email addresses belong to people I’ve known for years, most of whom dispensed with their old AOL and Yahoo accounts ages ago when they migrated to more modern systems. And I’ll bet their owners have no idea their old accounts are sending spam.

Some of these spam messages are easy to spot: a simple “Re:” with a blank subject, with the contents of the email nothing more than a mysterious link. Believe me, I am not clicking that link and neither should you. But some of the messages are more clandestine in their approach. They might say “Hi!” or “How are you?”, and the message might contain a few lines of convincing text. But I’m still not clicking that link.

I used to get these now and then, sprinkled among my regular email messages and today’s more sophisticated spam attempts. But, lately, it’s been a deluge. Perhaps, as more personal data is stolen from elsewhere, more old accounts are being hijacked. Or perhaps the spammers are having such success, they have increased their attempts. After all, it costs them nothing to send messages, which means just one click is all reward for them via pay-per-click, ad revenue, malware and the like.

Maybe you don’t care what other people do with your old accounts. But imagine what it appears like from the recipient’s perspective. They’re getting spam with your name on it. That’s not a good look, especially if you are a professional and the messages are going to former or current clients and colleagues. You’re also contributing to the spread of malware.

What can you do? First of all, try to delete your old accounts if you are not using them. Most sites offer options to do so. Some allow you to archive data beforehand. If you choose not to delete your old accounts, perhaps because you don’t want someone else to grab your username, at least monitor them for suspicious activity. At this point, you can assume most old accounts are probably compromised, so you should be sure to change passwords, too.

Second, never reuse your passwords. This is one of the primary ways accounts get hijacked. As more and more data is stolen from elsewhere, reused passwords are like leaving your front door key in the lock with a big sign that says “come on in.”

The more you reuse passwords, the more accounts will be hijacked. Password management tools such as 1Password and LastPass make it easy to generate strong random passwords. Go one step further and set up two-factor authentication wherever possible.

If you discover your old email account has indeed been sending spam, it’s best to double-check all of your accounts, new and old, to make sure they are not similarly compromised.

• Triona Guidry is a computer specialist and freelance writer. Her Tech Tips blog offers tech support advice for Windows and Mac.