Another method is to use a Dictionary attack
Using automated software, spammers create thousands of addresses based on common combinations of words and number. They then send out bogus messages using those addresses. Nearly all of those messages will bounce back as unknown, but a few will come back as replies from valid email addresses. So never respond to emails from senders you don’t know.
Personal or business websites: Posting your main email address on your personal or business website or blog site gives spammers an easy target. If you must post an address in a public place, set up a disposable email account and forward its mail to your primary account or email client. Or leave spaces in the way display your email address so that it cannot be clicked on so use for example: dave at daveshelpline.com so that the @ symbol and the email address isn’t set as a link.
If you subscribe to any shopping site or newsletter, the list’s owner may share your details with other companies. There are also a myriad of other places where your email address can be found by unscrupulous means. This is inevitable.
If you use a web mail service such as Hotmail, Yahoo, or Google etc. you may receive spam in your Inbox and your friends may then start to receive emails form you that you didn’t send.
This is because a web crawler has ‘guessed’ your password to that account and has infected your account. Note this is not a virus in your computer but within your webmail account. They can use a dictionary attack to run all common words and names to find a password.
So use a password that is not easy to guess. Use a combination of Capital and small letters, numbers and symbols. So if your password is currently something basic such as ‘password’ you could simply change it to P@ssw0rd! You can remember to swap the ‘a’ for an ‘@’ the ‘o’ for a ‘zero’ and add a symbol on the end. In your head the word is easy to remember still but not a real word. Using passwords that are insecure like names and real words is a sure way to have your email account hacked.
Also change this password regularly to avoid any possible attack. There is even a website you can test how secure your password really is at www.howsecureismypassword.net you will be amazed at the result so change those passwords now.