It is likely that you addresses were harvested. If this is the case do nothing, I get about 10 of these a day from various people I know.
Check if it looks like this from the recipients view point?
1. Email arrives showing your name (someone else's list was harvested with your name in the contacts so you are getting it)
2. It has a general title and just a single link in it.
3. If you hover over the email FROM name or inspect it then it is not actually from your email account but some other junk account being used with your name like a mail merge. This is designed to catch the less technical or rushed into clicking it as they think it is from you.
4. The link is also a cover for another URL which can be seen by hovering over it for a moment. You can check this as well if you like, sometimes you might find out which breach provided your details.
If you want to check the underlying email that actually sent it then hit reply-to so it shows the email address and put it into google and it will show you where else this has been used.
I hope I don't have to say "DONT CLICK THE LINK" although I have never done so and as a result don't know where it goes! TRAIN ALL OF YOUR STAFF AT YOUR COMPANY ON THIS." it is how ransomware gets in. Microsoft backup to OneDrive on office365 does not solve this. Best product I have seen for this to date is Sentinel ONE which has a rollback capability but this is a business type product to be used in conjunction with Miicrosoft Defender/EndPointManager.
1. This is not from your email account but has been masked to look like it is to go phishing. People less technically savy or in a rush are meant to see your name, feel it is trustworthy and so click the link without thinking. It is not from your account in nearly every case if the above are true.
2. You can send an email to your friends saying that your account has not been hacked but one of the services you share your contacts with probably has so you are sorry on their behalf and to ignore all the links like (insert screen capture of example email) this. Unfortunately you have no way of stopping them, it is a big interweb spam thing.
3. Sign up with one of the monitoring sites like
https://haveibeenpwned.com/ and it will show you where a breach has led to you being grifted. Look at the list and then compare it to the various sites and mobile apps which you have given access to your contacts to.
4. Change the password on the hotmail account now anyway, it won't hurt.
5. See 4 - now
6. I said see 4 - NOW.
7. Have a look on your phone and see what applications you have granted access to contacts and consider if they really need them. Chances are that one of them (Yes FarceBook I am looking at you) has been granted access, it has then sync'd them with FB-HQ cloud service so you "can use them across all your devices" and "mined for revenue purposes" this was breached several times and they do not give a damn.
7. Treat as one of those things that happen on the Interweb and don't get stressed.
It can lead to a couple of thoughts.
1. Is my antivirus/phishing software up to date. Buy a modern one with phishing protection.
2. Does my business have insurance against a ransomware infestation or viral attack and it's impact on my ability to do business.
3. When did I last take a backup
But the most important thought.
Is that old pencil in the draw still sharp, do I have some paper to write on and what's this pile of technical crap worth on eBay if I flog it?
If it has come from your actual email account then panic and inform the bank instantly. Then PM me.
