My email account has been hacked, I guess you could say. My account is sending out spam to my contacts. I deleted all my contacts. Today I put my wifes email into my contacts and she gets a spam email from my account.
Do I need to get a new email account? Or is there something else I can do to end this mass spam issue?

Thanks.

Here's the Google/GMail take on the subject. Most of it seems applicable to pretty much any email service I think. I bolded the two things I'd do first, although I'm just a rank amateur that hasn't even stayed at a Holiday Inn Express recently. My unsophisticated analysis would be that, because of the contacts seemingly being accessed, this is more than just spoofing but rather someone is (either literally or effectively) accessing your email account.

My Contacts say I sent spam to them, or I found suspicious access to my account.

If your Contacts received spam from you, or if you find access activity that you can't account for, we suggest taking the following steps as soon as possible.
Make sure your operating system is up-to-date. Be sure you've downloaded and installed any critical Windows updates from Microsoft, or Mac OS updates from Apple. We recommend enabling automatic updates.
Check for viruses and malware. Run a scan on your computer with a trusted anti-virus software. If the scan detects any suspicious programs or applications, get rid of them immediately. Note: We have no connection with these companies and can't comment on their effectiveness. We can tell you, though, that trying all of these programs often makes a difference, as does having the latest versions.
Google Pack - Norton Security Scan, Spyware Doctor
Kaspersky Free Virus Scan
Spybot Search and Destroy
Lavasoft Ad-Aware
MacScan
Change your password. Make sure you choose a password that contains a combination of numbers, characters, and case-sensitive letters. Never reuse your Gmail password on any other website. These steps will help strengthen the security of your account.
Update your recovery email address and your security question. Should you ever lose access to your account, these two items will be vital to recovering your account. Make sure that you have access to the email address listed as your recovery, and the answer to your security question should be easy for you to remember, but hard for others to guess.
Check your Settings. Click Settings at the top of any Gmail page and verify that the following items have not been changed:
On the General tab: Your Signature, Vacation Responder and Browser Connection.
On the Accounts and Import tab: Send mail as.
On the Filters tab: Look for any filters you did not create, especially filters that forward your mail.
On the Forwarding and POP/IMAP tab: Look for any changes you did not make.
Use a secure connection when signing in to Gmail. In your Gmail settings, select 'Always use HTTPS.' This setting helps protect your information from being stolen when you are signing in to Gmail on a public wireless network, like at a cafe or hotel.

Also, to make sure that no one gains unauthorized access to your account:
Never tell anyone your password or security question and answer, and don't write them down.
Never send this information by email.
Never give out your gmail password after following a link sent to you in an email. Access gmail directly by typing mail.google.com in your browser's address bar.
Don't reuse your Gmail password on other websites.
Periodically change your password and security question.
Keep your recovery address up to date.

Ideally, I'd change your password, ASAP, on a known "clean" computer as yours could very well have a keylogger installed and therefore making the password change useless.

Once that's done, virus scan the crap out of your computer.

Ideally, I'd change your password, ASAP, on a known "clean" computer as yours could very well have a keylogger installed and therefore making the password change useless.

Once that's done, virus scan the crap out of your computer.

+1, someone like gstelmack or Alan T will probalby have better or more thorough advice, but it sounds more like your PC has a virus and that virus is trying to spread it or some other crap via your e-mail account if it can figure out how to use it.

That's not an e-mail account hack, that's a typical Outlook virus on the PC. However, hard to tell with the lack of info on e-mail service / reader in the original post.

And listen to Alan T over me on virus advice, I'm just a placeholder with some (hopefully) reasonable ideas to tide you over, he knows more about it than I do.

If your email has been hacked as it sounds pretty likely that it has based on what you posted, you want to immediately do the following:

1a) Scan your computer for viruses/malware
1b) Change the password on your email.


Even if you change your password for your email from a "dirty system", you can simply re-change it again in a little bit. Generally changing the password asap though will stop the current spam and possibly give you a little reprieve while trying to figure out what allowed them to access your email in the first place.

Now to figure out how they got into your email, sometimes it is impossible to know for sure, but most common ways are:

- Keylogger/virus on your system thanks to something you either downloaded that was infected, or from simply web browsing to infected sites (could be legitimate sites that have infections). Usually keeping your computer updated on new security patches and running some form of script blocker (such as firefox/noscript) will help best against these type of things. It is ideal to run one of the better anti-virus detections with updated signatures too, even though it is not uncommon for new viruses to become pretty wide-spread before Antivirus is able to handle them. (Thus why it is important to keep your system patched and to block scripts from websites when you don't need them to run).

- Poor password. Many email systems won't let you use dictionary based words any more, but it is still a very common method of breaking a password by simply running dictionary based attacks on an account. If your password is simply some word (or even a word with a fancy letter change such as a Zero instead of an O or a One instead of a l ) then it is not very secure.

- Shared password: Do you use the same password for your email that you do on forums or other online login systems? It is often very easy to hack insecure forums on the internet, and the number of people that use the same password for everything is mind boggling. If you use the same password for your forum logins that you do for email, stop it. All someone has to do is break into a forum DB and then they can find your email address, use the same password and they suddenly have access to a whole bunch of other things.

I had thought the original poster had indicated google email. But now see that was a follow up post.

If it is a google account, I am assuming the account was hacked. If it is some other type of account and the contacts you talk about are local such as in outlook, then that is slightly different. However the advice to scan your system and change your password is sound advice regardless of which scenario it is.

It is a yahoo account. I scanned my computer and found a virus. I changed my password, also. The emails go out at about the same time every night. I only have my wifes account right now in my contacts. I will see if she gets another email tonight.

Again, thanks for all the help. I really appreciate it.