Hotmail account hijacked!

My Hotmail account has been hijacked and someone is sending fake messages to my friends that I am stuck in London and need money. What can I do?

- Jim

The power of the Internet allows virtually anyone to connect with anyone else, including those with malicious intent.

Increasingly, the target of these malcontents is your e-mail account because it's the gateway to virtually everything else you do online.

For example, when you forget the password to your online banking account, you typically go to the login page and click on the 'I forgot my password' link.

This generally sends a password reset message to your primary e-mail address that you used when you created the account.

When someone hijacks your e-mail account, one of the first things that they are likely to do (after locking you out by changing the password) is search through your sent, received and saved messages to figure out which online accounts they can compromise.

Once they figure out which accounts you have (Amazon, Paypal, banks, online brokerage, etc.), they can go to each site's login page and click on the "I forgot my password" link and have the password reset instructions sent to your freshly hijacked e-mail account.

From there, they can wreak serious havoc with your identity and online accounts, because they have essentially assumed your online identity.

In your case, they chose to use your identity to attempt to fool all the contacts in your Hotmail account into sending money 'to help their stranded and distressed friend' (this particular scam has been in use for many years).

Hotmail (now called Windows Live Hotmail) has various automated methods for regaining control of your account. You can reset your password in three ways: by e-mail, by providing your secret answer, or by using the secure account validation page.

The specific step-by-step instructions from Microsoft are posted at http://bit.ly/bmxfUY .

Unfortunately, these steps are also known by the crafty hijackers, so it's entirely possible that they will change your secret answer and some of the other information that would allow you to regain control of your account.

When this occurs, you will have little choice but to use the account validation page and wait (usually several days) for the online process to run its course. Because Hotmail is a free service used by hundreds of millions of people, there is no option to pick up the phone and call someone to get help.

Equally important is understanding how your account got hijacked in the first place. In the past, Windows users were more of a target, typically because a password-stealing program was slipped into the background via one of the many known vulnerabilities.

Today, it really doesn't matter whether you are using Windows, a Mac or even a Linux-based system, because the methods that are on the rise have nothing to do with the operating system: phishing scams, brute-force attacks (guessing easy-to-crack passwords), traffic sniffing on public WiFi networks, spoofed DNS servers and others.

Additionally, you should really be much more careful about where you access your e-mail account. Computers at your workplace that are accessible by large numbers of people or public Internet terminals are two common situations that come to mind.

Anyone can tell the browser to automatically remember usernames & passwords, so if you do access your e-mail from a computer that you don't own, get into the habit of clearing out the History, Cached files, Passwords, Form data, etc. before walking away from the computer (Tools/Options/General for Internet Explorer, Tools/Options/Privacy & /Security in Firefox).
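
The answer above explains that a hijacker uses "I forgot my password" links to have reset instructions sent to the hijacked mailbox. As an added example (not part of the original column), this Python sketch scans an export of the recovered mailbox for password-reset mail received during the lockout, so you know which linked accounts to secure first. The sample messages, dates, domains and subject keyword list are constructed assumptions.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Subject phrases typical of reset/recovery mail (assumed list; extend as needed).
RESET_RE = re.compile(r"password (reset|change)|reset your password|"
                      r"forgot(ten)? (your )?password|security (question|answer)", re.I)

def reset_mail_in_window(raw_messages, start, end):
    """Return (time, sender_domain, subject) for reset mail dated within [start, end]."""
    hits = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        if not RESET_RE.search(subject):
            continue
        try:
            when = parsedate_to_datetime(msg.get("Date", ""))
        except (TypeError, ValueError):
            continue  # missing or malformed Date header: cannot place it in the window
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        if start <= when <= end:
            # From is only the claimed sender: a pointer to which account to check.
            domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
            hits.append((when, domain, subject))
    return sorted(hits)

# Constructed sample messages (not real mail); the lockout window is also constructed.
SAMPLE = [
    "From: Example Bank <no-reply@bank.example>\nDate: Fri, 26 Mar 2010 09:15:00 +0000\n"
    "Subject: Reset your password\n\nbody",
    "From: Shop <accounts@shop.example>\nDate: Fri, 26 Mar 2010 09:40:00 +0000\n"
    "Subject: Password reset instructions\n\nbody",
    "From: Shop <accounts@shop.example>\nDate: Mon, 01 Mar 2010 12:00:00 +0000\n"
    "Subject: Password reset instructions\n\nbody",  # before the lockout, ignored
    "From: pal@friend.example\nDate: Fri, 26 Mar 2010 10:00:00 +0000\n"
    "Subject: Are you really stuck in London?\n\nbody",
]
LOCKED_OUT = datetime(2010, 3, 25, tzinfo=timezone.utc)
RECOVERED = datetime(2010, 3, 29, tzinfo=timezone.utc)

def accounts_to_secure(raw_messages=SAMPLE, start=LOCKED_OUT, end=RECOVERED):
    """Sender domains of reset mail in the window, i.e. accounts to check first."""
    return sorted({d for _, d, _ in reset_mail_in_window(raw_messages, start, end)})

if __name__ == "__main__":
    print(accounts_to_secure())
```

A hijacker may delete these messages, so include the Deleted folder in the export and treat an empty result as inconclusive.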

Comments
I don't keep e-mails from my bank, etc. on my web-based e-mail accounts. I deal with the info I need and get the e-mails off the account, including out of the trash bin. As much as I love the freedom and flexibility the web gives me, I also respect it and fear the consequences of misusing it.
# Posted By Artrina | 3/27/10 8:31 AM
Hi Folks,

This is a great article and just reinforces some of the things I always tell my customers.

1. Hotmail, Gmail and many others are wonderful resources but nothing says F-You to an account hijacker like using an email account hosted by your ISP that can only be accessed by a computer residing on their network. Although this doesn't entirely eliminate the chance of being hacked, it does reduce the number of people even able to hack the account by about 99% in most cases.

I also employ two techniques I find quite useful. When using a public machine and wanting to access my own accounts, I use a simple control utility called TeamViewer to take over my machine at home from any computer I'm on without actually logging into anything that can be easily replicated. I use a series of predetermined one-use passwords to log in (takes all of 5 mins to set up 40 before I travel), then use the control program to log in to all my secure sites from my own machine, which I control remotely. Because the password I use to access it is only good for one session, it does hackers no good to steal it, and because my RoboForm utility at home enters all the passwords I use to the sites for me, there is no need for me to type and no way for a key logger program to steal the information.

I was so impressed by RoboForm when I reviewed it that I bought two copies and have used it ever since.

I think this article is a great step in learning how to solve issues that have already happened, now let's move forward and help eliminate future issues.


Chris
# Posted By Chris | 3/27/10 10:36 PM
Site contents copyright 2004-2012 by Data Doctors Franchise Systems Inc. All rights reserved.