Free Avast: Outlook 2019 - an email forwarded to random contacts.

[MikeP999]

Scenario:
Father's desktop computer - using Free Avast

Hi folks, I was wondering how the following could have happened?

My father uses Outlook 2019 (desktop version) and last week he discovered that his Outlook email had forwarded a random email to 2 random unrelated contacts, from his address book.
The only reason he found out, was because one of the contacts that received the forwarded email, replied with confusion.

Nobody was even in the house, at the time the email was randomly forwarded, so this was not an accidental email send.   
-----------------
I ran an avast boot-time scan of his computer and it did find a few things, that really didn't seem serious - but I will go to the quarantine and jot them down, next time I'm visiting him.
He's changed his password for now.

Yet, I'm wondering how this could have happened - doesn't Avast keep a close watch on email? 
At first I thought his email was compromised and someone had stolen his password - but the random email sent, to 2 random contacts was not exactly sensitive information.  I'm inclined to think it's malware - but I will report back when I jot down what the Avast scan found.

[Pondus]

Nobody was even in the house, at the time the email was randomly forwarded, so this was not an accidental email send.   

Was the computer On or Off ?

It does not have to be your Father's computer

Email spoofing  >>  https://en.wikipedia.org/wiki/Email_spoofing

[MikeP999]

Nobody was even in the house, at the time the email was randomly forwarded, so this was not an accidental email send.   

Was the computer On or Off ?

It does not have to be your Father's computer

Email spoofing  >>  https://en.wikipedia.org/wiki/Email_spoofing

Thanks for the link - I'll have a read.

His computer was on and the mysterious email, according to Outlook 2019 (it's the only way he sends/receives email), happened to be 'sent' while he was out running errands.
There's nobody else in the house that could have sent the email.

I'm aware his email password may have been compromised and the perpetrator off site.
Yet if that's the case - why would someone bother forwarding one of my father's own emails to 2 random contacts from his address book.   

Anyways - it's one of 2 things.  Either an email pw compromise, or something got through Outlook 2019 via an email, that AVAST did not pick up and consequently infected the computer.

The next time I'm at his computer - I will look in the quarantine - I believe something was found, but how severe, I can't recall.

[DavidR]

Avast would scan outbound email to see it was clean, but what it can't do is say if this was an email sent by the user.

If it was actually sent from his computer (and MS Outlook) surely there would be a copy of these emails in the sent emails folder, if they originated from his system  ?

Otherwise it could be email spoofing as suggested.
That said spoofing emails are also likely to be scam/spam orientated, which only the recipient could attest, hence the confusion mention.

The only reason he found out, was because one of the contacts that received the forwarded email, replied with confusion

Without getting into details on this confusion, did this email appear to be a scam or a phishing attempt (link to a site purporting to be another), etc.  ?

[MikeP999]

Avast would scan outbound email to see it was clean, but what it can't do is say if this was an email sent by the user.

If it was actually sent from his computer (and MS Outlook) surely there would be a copy of these emails in the sent emails folder, if they originated from his system  ?

Otherwise it could be email spoofing as suggested.
That said spoofing emails are also likely to be scam/spam orientated, which only the recipient could attest, hence the confusion mention.

The only reason he found out, was because one of the contacts that received the forwarded email, replied with confusion

Without getting into details on this confusion, did this email appear to be a scam or a phishing attempt (link to a site purporting to be another), etc.  ?

No - the email was not phishing attempt.  I would call it spam I suppose.  Forwarding a letter to random contacts, for the heck of it?

1. My father reads an email in his Inbox - normal correspondence with a friend. (Email #1)
2. He leaves the house to run errands.
3. He comes back to house an hour or so later, to read a new email from a different contact from his address book(Email #2), wondering why my father would 'forward' an email that didn't pertain to them.
4. He looks in his Sent mail, only to find that sure enough - supposedly he had forwarded this (Email #1) to 2 contacts from this address book.   
5. Unfortunately he panics and deletes the email, not only from the Sent mail, but also from Trash.  I wish he hadn't, so I could have had a good look at it, including any possible cookie crumb trail like IP address or who it's really from.   
6. Emails me wondering what to do.  At that point I go over and run a full Avast boot-time scan.  He also changes email pw.  Again - I'll for sure update this with what AVAST found and quarantined.

I've advised him to run a full scan every week now, on a Sunday for example. Also, to change pw from time to time.

There's no phishing, financial queries, numbers of any sort. Nothing to gain from forwarding this email aside from a weird surprise. '
---------------------

By the way, thank god for audio verification option - I can't read the damn letters that I'm supposed to type lol. 

[Asyn]

By the way, thank god for audio verification option - I can't read the damn letters that I'm supposed to type lol.

Captcha is only needed for your first 3 posts. (Spam protection)

[DavidR]

<snip quote>
No - the email was not phishing attempt.  I would call it spam I suppose.  Forwarding a letter to random contacts, for the heck of it?

1. My father reads an email in his Inbox - normal correspondence with a friend. (Email #1)
2. He leaves the house to run errands.
3. He comes back to house an hour or so later, to read a new email from a different contact from his address book(Email #2), wondering why my father would 'forward' an email that didn't pertain to them.
4. He looks in his Sent mail, only to find that sure enough - supposedly he had forwarded this (Email #1) to 2 contacts from this address book.   
5. Unfortunately he panics and deletes the email, not only from the Sent mail, but also from Trash.  I wish he hadn't, so I could have had a good look at it, including any possible cookie crumb trail like IP address or who it's really from.   
6. Emails me wondering what to do.  At that point I go over and run a full Avast boot-time scan.  He also changes email pw.  Again - I'll for sure update this with what AVAST found and quarantined.

I've advised him to run a full scan every week now, on a Sunday for example. Also, to change pw from time to time.

There's no phishing, financial queries, numbers of any sort. Nothing to gain from forwarding this email aside from a weird surprise. '
---------------------
<snip>

That is certainly strange and not something I have come across before in the forums.

Hidden Spam Infections, generally wouldn't use your email client (leaves evidence) as them come with their own very small SMTP program.

Ordinarily I would have thought this could have come under the heading of email spoofing (as mentioned), where it could be a contacts system that is sending out emails to their email address/contacts list. 

If this was web-based email, it would certainly be an indication that their username and password was compromised.  But that doesn't appear to be the case as you mentioned there were copies (unfortunately deleted) in the Sent emails folder of MS Outlook.

So a bit of a mystery for me as to how this would be achieved.