General Question


How do scammers insert the change into a return address for a scammed email?

Asked by anartist (14808points) September 19th, 2012

Just recently I received an email purported to be from a friend who actually had recently gone on a trip, asking for money to help her get home. The email return address differed from hers only by the insertion of a “1” after the part before the ”@” symbol.

How do scammers do this [not planning to try it myself]—insert the change in the return address? See code below:

Message-ID: <1345570696.52799.YahooMailClassic@web126001.mail.ne1.yahoo.com>
Date: Wed, 19 Sep 2012 03:31:36 -0700 (PDT)
From: Ann Nonymus <heraddress@yahoo.com>
Reply-To: heraddress1@yahoo.com [how do they insert this?]
Subject: Horrible Trip…....Ann Nonymus
To: undisclosed recipients: ;

It is an old scam. I wrote about it in my blog 2 years ago.

Any ideas?


10 Answers

ETpro's avatar

It’s a piece of cake to write a program to run on your machine and munge email addresses.

The To: undisclosed recipients: is a big red flag too.

anartist's avatar

@ETpro why? isn’t that the same as BCC?

ETpro's avatar

Yes, but would your friend write to you and a list of BCCs? The scam artist is gimmicking the email address to lots of recipients in hopes of hitting one who will fall for it.

anartist's avatar

All on her mailing list?
I sent her a copy before having it reported as spam at gmail and she told all her friends she was safe and sound back at home.

Then she changed her password. Did that matter or were passwords no obstacle anyway?

ETpro's avatar

I hope nobody fell for it before the news got out. Good job reporting it.

YARNLADY's avatar

One way to seem to come from your friend is to send a trojan into their account to steal all their contacts and make it seem they were the sender.

anartist's avatar

@ETpro thanks, they went to Bermuda, not Spain, as the email claimed, and most of her friends knew that, so it shouldn’t have been too bad.

But the password was no deterrent whatsoever, correct?

anartist's avatar

@YARNLADY only if one was unfortunate enough to reply to the address without examining it. Which I may have done two years earlier in a similar case.

ETpro's avatar

@anartist I don’t know how they compromised the email. Could be they cracked your friend’s account. If it was Yahoo mail it’s unlikely they were able to place a Trojan on the mail server.
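
The two red flags raised in this thread (a Reply-To that differs from From by one inserted character, and a To line of undisclosed recipients) can be checked mechanically on the receiving side. The following is an added example, not part of the original thread: the function names and the distance threshold are assumptions, and the sample message is constructed from the headers quoted in the question.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the headers quoted in the question, annotation removed.
SAMPLE = """\
Message-ID: <1345570696.52799.YahooMailClassic@web126001.mail.ne1.yahoo.com>
Date: Wed, 19 Sep 2012 03:31:36 -0700 (PDT)
From: Ann Nonymus <heraddress@yahoo.com>
Reply-To: heraddress1@yahoo.com
Subject: Horrible Trip
To: undisclosed recipients: ;

(body omitted)
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_headers(raw, max_distance=2):
    """Return warnings for the header red flags discussed in this thread.

    max_distance is an assumed threshold for calling two addresses look-alikes.
    """
    msg = message_from_string(raw)
    warnings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_addr and reply_addr != from_addr:
        # Mail clients send replies to Reply-To rather than From, so a
        # mismatch moves the conversation to a different mailbox.
        if edit_distance(from_addr, reply_addr) <= max_distance:
            warnings.append(f"look-alike Reply-To: {reply_addr} vs From {from_addr}")
        else:
            warnings.append(f"Reply-To differs from From: {reply_addr}")
    if "undisclosed" in msg.get("To", "").lower():
        warnings.append("sent to undisclosed recipients")
    return warnings

if __name__ == "__main__":
    for w in check_headers(SAMPLE):
        print("WARNING:", w)
```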
