Thanks. I had no idea.
But, how would they know the email address of the hackee’s brother, or friends, without breaking into the address book of the account in the fake header?
Also, that seems like an incredible vulnerability for established companies.
Millions of customers might block your email address because it has been falsely posted on spam or ransomware.
I took a PHP class some years ago - the instructor alluded to hacking e-mail headers.
I have gotten spam from addresses I think I know and they say their e-mail accounts haven’t been directly hacked (password not stolen, say).
I don’t know if they (or I) have spyware, or just that an e-mail blast to several people got forwarded to the wrong person who decided to spoof addresses.
Hmm....so why isn’t spoofing more common? Maybe the ISP can put some checks in to see if the header has been hacked.