Fake emails

I use Messenger and NetFetch configured to show me the subject: and from: headers of any emails waiting for me on the PlusNet mail server. Some I select to download, the rest get deleted without being downloaded. Sometimes I find emails that purport to be from friends, but which are evidently not, but are empty save for a greeting and a URL. I have even had them purporting to be from people whom I know to be dead. Can anybody explain to me how these come about? Is it malware infecting the friends’ computers and mailing their address lists back to spam-generators? Or is it actual emails being copied? My reason for the last surmise is that sometimes the fake email contains exactly the greeting that I would have expected from the friend. In the former case I guess it is because many email programs keep their address-lists in the same place and the malware knows where to find them.

because many email programs keep their address-lists in the same place and the malware knows where to find them.

This. Also, not always obvious malware. Quite a few useful sounding smartphone apps request permissions like reading storage, contacts, phone log, etc etc. Informait Android is based heavily on promotion of adverts, so it isn’t at all unusual for an app to request internet access and location – so the advert system can provide rubbish relevant to where you are. Location is considered sensitive so it can be disabled. Internet access cannot. So if an app can read sensitive information, it can easily send it out to whoever wherever.
It’s eye opening to install NoRootFirewall (bounces everything through a fake VPN) to see exactly how much rubbish tries to make connections.

Might be interesting to read this:
https://www.heyrick.co.uk/blog/index.php?diary=20150929
And then:
https://www.heyrick.co.uk/blog/index.php?diary=20150930

Can anybody explain to me how these come about? Is it malware infecting the friends’ computers and mailing their address lists back to spam-generators?

If we’re talking the likes of Yahoo! addresses, they’ve very likely had their account ‘hacked’ and the details are being used to send malware infected links to people in their address books and/or inbox. It’s a common problem, unfortunately, which is made worse by people using weak passwords or reusing them between different accounts.

which is made worse by people using weak passwords or reusing them between different accounts.

My password was neither weak nor recycled. I believe there’s a fundamental flaw in Yahoo Mail.

From my second blog article: The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.’

This was certainly the case for me, and why it was harder to track down the source from the list of names – they weren’t looking at the address book but rather addresses of sent emails.

Yahoo! were compromised in a big way a few years ago.