Phishing Email from Contacts

[radar81]

Hi,

I have recently begun receiving obvious phishing emails. The from name is a known name of one of my contacts "John Smith", the email address will be something like johnsmith006 -at- gmail dot com (this is not John Smith's actual email address). Subject: From John Smith. The body contains a only a strange URL, which I do not click, which appears to be a link to malware.

I read on another forum that this could be the result of an Android app that I have which I have granted permission to access my contacts. I downloaded an app to review the permissions. I have 103 apps that have access to contacts. I have a galaxy S4 with Android 4.4.2; I primarily use gmail for contacts.

Is it possible/likely that a phisher has been able to access my contacts list from an Android app? How do I identify which is the rogue app? What can I do to prevent this from happening? Thanks!

Dave

 

[B. Diddy]

Welcome to Android Central! This is pretty common, and is unlikely to be a breach in your security. It is more likely a breach in your friend's security--often via Facebook. I've seen emails like this, and they're always from Facebook contacts. Not sure if there's anything you can do besides delete the email, and obviously don't click that link!​

 

[Rukbat]

And notify these "friends" to not click links in emails they don't know. Let them know that by doing do they're installing malware on their phones or computer, which are sending out phishing emails. (Some people think a link is something that has to be clicked - it's like an itch, they can't ignore it.)

 

[radar81]

The strange thing is that I haven't heard of any of my friends receiving phishing emails from me. It appears that someone has obtained MY contact list and is creating fake email addresses that look similar to those of my contacts. He/she is then emailing me from these fake email addresses in an attempt to get me to click the link.

 

[radar81]

Any thoughts? thanks