I don't think it would be at a server level, as you would read a lot more complains on here if it had been.

What kind of device did you send the e-mail from? As you mention viruses have you check it out in case that has been infected with anything.

Let us know and I would get the device checked out in case it has anything nasty on it. Such as a keylogger.

@PeterB1 

As a first step assuming you are using a PC to send yours emails is to run a full virus scan on your computer (if you are relied on Windows Defender) then download Malwarebytes (free trial version) and run that to fully scan your device. Your friend might want to do the same as a precaution.

Also ensure all your windows security updates have been installed.

Thanks for the response, Alex.

I take your point about the server level.

To be clear:

The original (innocent) email was sent by a friend to me.

The dodgy email yesterday was sent to my friend from the bogus address pretending to be me.

It contained a preamble inviting my friend to download what was no doubt a dodgy attachment, followed by the text of the original email my friend had sent to me.

What I'm getting at is that nothing generated by me - from any of my devices - was ever involved.

If we rule out a server level hack, that would seem to suggest the problem  may lie at my friend's end rather than mine, but I'm reluctant to pass the buck to him unless I'm fairly sure  about this.

What do you think?

If you agree, can you be as specific as possible about what my friend (not a techie himself) should actually do. Presumably he should focus on the device he used to send his original email? If it was an iPad or iPhone rather than PC or laptop, how would he do a virus check?

And, whatever the device, how does one check for a key logger?

Best wishes - and thanks again,

Pdeter

Thanks, Wakeman.

I use Bullguard for virus protection and my Windows 10 is fully up to date.

As you'll see from my reply to Alex, no email generated by me was ever involved in this.

The original (innocent) email was sent by my friend to me.

The text of that email was then included in the bogus email sent from an unknown address pretending to be me.

Unless there's been a server hack at Plusnet - which Alex thinks unlikely -- I don't see how the fraudster could have obtained the text of the original email from me.

But I'm reluctant to pass the buck to my friend unless I'm fairly sure the problem lies at his end.

@PeterB1 

Could be their email address book and emails have been scanned/hacked, or a keylogger as suggested  by Alex. If they are using a PC then I would suggest they do a full scan.

Sadly these things happen, I have have emails pro-porting to be from me to me before now. Plusnet have just this morning intercepted two emails to me with viruses from a company I have never used.

I don't know what Security package your friend is using, it might be he has not got it set to scan incoming and outgoing emails. Some security packages are better then others, I personally use Bitdefender.

There's 2 things here, the first of which will NOT be the case...

1) It is trivial to send an email to someone, pretending to be from someone else (not only with their name but their correct email too). The giveaway is typically that when you look at the (hidden by default) email headers, it is clear that it was not sent to the "normal" email sending server. This is not relevant to your case, because the mail contains some "personal" information, and that had to come from somewhere.

2) In your case, the email contains a copy of the original email. There's 3 places that this could come from: your PC, his PC, or the mail servers. Whilst the mail servers could have been "involved", it is 99.9% unlikely that they were actually hacked.....so there's obviously something wrong with either YOUR PC or HIS PC, or your email account.

One way that the 3rd party could have got that "original bit of personal information" that was included in the second email is by obtaining it from your or his PC. Another way the 3rd party could have got that email is by impersonating you (using your email login details) and taken a copy of the your emails that were on the PlusNet servers. (You can't blame the servers here, as the 3rd party would have used your - valid - credentials) It won't be your friend's email details, as that was just used to send the original email.

So it is ESSENTIAL that you put aside any feelings of awkwardness, and get both PCs scanned. If it turns out to be their PC, then they will be very grateful!

I'd also suggest that you BOTH change your email passwords.

Yep @PeterB1 

I can't see it being a server hack, after all they won't just go for the trouble just to hack into your account alone. It will be many. That's why I said you would hear about it. Others will too of course.

Sounds like you have something on your local device.

Changing passwords is a good idea, but it you have a keylogger installed it won't fix the problem. (just in case).

I have recently seen something very similar.

I received an automated email from an automated system service (no sender PC involved) to one of my Plusnet email addresses.  A few days later, that email server received an email form another, sent via another SMTP server looking like a reply to the email I had received.  The received email contained the original email text.

This somewhat suggested that either my Plusnet mail account had been compromised or my PC had been compromised.

I changed the password on the Plusnet email account as a precaution.  I also asked one of the SU contacts if they could check the IP addresses which had logged into the IMAP server using those credentials.  All IP addresses were identifiable as my fixed IP address or a small number of Orange (mobile network) IP addresses.

I ran a full scan using Malware Bytes Search & Destroy which found nothing (but did cause other issues).

Nothing has yet been identified which might have caused this and no reoccurrence has been observed.