That Danny!
If your friends and contacts have received an email or IM message from your Hotmail account with wording along the lines of “I would like to introduce a good company who trades mainly in electronic products… etc” – it is highly likely that your Hotmail account has been compromised.
IF YOU ARE THE POOR SOUL THIS HAPPENED TO, THEN YOU SHOULD READ ON AND FOLLOW THE INSTRUCTIONS AT THE BOTTOM OF THIS ARTICLE.
In most cases when a spam email is sent in your name to someone else, the spammer doesn’t need access to your account. All they need to do is spoof your email address – i.e. make it look like it was sent from you. That’s very simple to do, and is very common.
However, the latest spate of spam from Hotmail accounts is different in that the attackers actually hack into your Hotmail account and then do some or all of the following things:
- They send a spam email to all your contacts.
- They may send a spam IM message to all your Messenger contacts
- They may delete all your Hotmail contacts
- They may set your autoresponse (the one you set when you go away) to send this spam message
- They may set your email signature to include the spam message
You know that they have hacked into the account because you can see clearly that they have sent an email from it to all your contacts, or even an instant message. They would not be able to do this if they did not have access to the account.
HOW IT HAPPENS
I don’t have a definitive answer, but I do have a theory which, based on the evidence, looks likely. If your password is a common name or a word that appears in a dictionary, then your account is vulnerable, even if it has a year of birth or number attached to it.
This is how the hackers do it:
- They employ an automated script that is fed your Hotmail address and then goes to work./li>
- It feeds the entire dictionary and common passwords and names into Hotmail one by one, trying to log in.
- After several attempts Hotmail “locks” the account and present a CAPTHCA (i.e. a string of wonky letters and numbers that are supposed to stop scripts from doing exactly that, because only a human can read these letters, supposedly).
- Unfortunately the CAPTCHA method no longer stops scripts, because hackers have found ways around them. One of those ways works by using sophisticated character recognition software that can read the wonky letters. Another is to feed the letters to “CAPTHCA farms” – the letters are fed to human users, employed by the hackers to read and enter CAPTCHAS, and they are often paid by the number of CAPTCHAs they enter (for example 1 cent per entry). This becomes viable financially if the spam is part of a bigger scam. The scale of the deception means it makes more money, especially because people are much more likely to trust spam messages sent by their friends. This achieves greater returns for the hackers and means they can attack many accounts, bypassing email security systems.
- Sometimes the scripts do their work over days, and sometimes weeks, to escape being caught by Hotmail’s attack detection systems.
There are of course other ways for hackers to achieve this kind of attack, such as spyware on your computer, or you being deceived by a rogue website. My instructions below would help you tackle these as well.
WHAT SHOULD I DO IF MY HOTMAIL ACCOUNT GOT HACKED?
Go through the following steps, one by one:
1. Before you do anything else, change your Hotmail account password to something very safe. Not a dictionary word or name, or even a word and numbers. Use symbols such as $ and & in your password, and make it long. I know it is difficult to remember, but if you don’t want to be hacked, you’ll have to start using strong passwords.
2. Now check that your autoresponse and email signature on Hotmail do not have any spam text added to them, as this would go out to your contacts automatically.
3. Then check that your computer does not have spyware or viruses, by following the instructions here.
4. From now on keep your passwords safe, and be extra careful when using public computers (such as those in Internet cafes). If in doubt – change your passwords.
5. You may want to alert Hotmail support to the problem. It seems to be happening all over the place, and the more they know about it, the better it is for their efforts to address it.
And please note: if for some strange foolish reason you decide to go to the site advertised by the spammers, and you are even more foolish and decide to buy something on it, don’t be surprised if it never arrives. This is a well known scam, and you will never get your goods, you muppet.
If you enjoyed this article, please consider sharing it!
Hi Doug…same thing happened to me today, March 18th. Did your run a virus scan too?
My account sent messages to all my email addresses to a google site that sold Viagra, or various other things today 3/18/2010 at 4:47 PM. I found a trojan in my computer. I was able to change my passwords and keep everything.. but I’m definitely NOT happy.
My account got hacked as well, March 18th. Sent out emails to all of my contacts yesterday and today. Fortunately my contact list was not deleted. Ran multiple, full anti-virus, anti-malware scans and found nothing. Thought I had a pretty strong password, but I guess not. Changed it to an even stronger password.
my account is hacked since last two das n password has been changed i have all my contacts in that & m facebook ,s password is also changed is been deletd m very upset because i have my family pictures in that and all my personal infromation plz help me acess my account.
same exact happened to me today…i had an impossible password,,how it was cracked i dont understand, it was the most random combo of letters, numbers and symbols!! i feel i cant trust any password protection use anymore..also had hotmail since 2003, guess im switching to another as well,,,i wonder if its any coincidence that i got a new droid phone, synched it, and now this is happening……
One hacked account here too. The autoresponse was on.
Got dinged myself too. It happened couple of days ago, one of the folks on my contact list told me it was happening. Managed to change the password to something way more secure, automessage was still off and still had my contacts, but damn if I don’t feel violated. Not sure if I should continue with this one or move on to a different mail system. :(
My Account Was Compromised So I Deleted It I Now Use Yahoo And So Far So Good
This happened to me today at 9:00AM, luckily I found out because of a long chain of “you sent an e-mail to an outgoing address only”. Thank you so much for the writeup. God bless you.
I woke up this morning to find that my Hotmail account had been hacked. It was done sometime between 8PM EST 03-21-22 and 9 AM EST 03-22-10.
My hotmail acct also got disabled or hacked or wateva today at 03-22-10 9:00AM … It sure is sumkind of pattern or a software glitch from Microsoft ..
damn security of Hotmail …
My hotmail was hacked around 9 am on 3/22/2010. Hacker Changed my password and now Hotmail refuses to contact me because I can’t provide a PW. Hacker sent A letter to ALL of my contacts stating I was mugged in Wales, England; was stranded at the US Embassy and needed funds wired to me so I could get home. When some friends replied to this request, the hacker responded with the Address that he wanted the funds wired to. Specifically requested $1550.00.
Can anyone tell me HOW to just delete this account??? I’m desperate!!!!
HI there
we have had an email simillar saying that i am supossed to be stock in africa send money please to help me pay my bills this has happend this morning and i have not been able to get into my account all day and it want even let me reset my password as this has been changed as well as my security question. Can anyone please help me i really need my account for work. Any help wud be greatfully recieved.
AJ These Emails Are Nothing More Than Scams Cancel Your Hotmail Account And Open An Account With Yahoo Trust Me I Know
This happened to me on Mon, 22 Mar 2010 23:20:08 -0700. Thankfully, not many contacts in that account. No settings changed. PW not changed. AND, nothing in my sent items folder. I don’t get it? My account is linked to my iPhone, but there is no “sent items” folder on my phone. So no record of having sent the spam, but I’m getting failed delivery notices. The email just has a link to a google site for a canadian pharmacy.
My account got hacked however I am unable to access my account because the hacker has changed my password and I have been unsuccessful with hotmail to change my password with out accessing my email account. It is a catch 22. I keep sending a verification for and e-mail to the support team and they keep linking me to the same dead end. Any suggestions? It has been 48 hours now and the hacker is having a field day with my account.
My hotmail account got hacked yesterday. An email was sent to my contact list re a website called royoy selling bags etc. My contact list is still in tact, i can’t see any autoresponse or signature and I changed my password first thing – they wont be able to do anything more now will they, new password is very secure?
Heather, I think the reason you are getting failed delivery notices is because someone has been sending them out using your email address, but either the addresses they sent them to do not exist, or the owners of those email addresses have decent security blocking them at their end.
Fiona, NO account is completely safe from hacking. There are hacking programs out there specifically designed to hack Hotmail. I have actually seen a video of this program running and it was able to hack the 14-character password of a Hotmail account in 18 minutes! This is an issue that needs to be addressed by Microsoft, but as usual they are very slow to address security issues. In the mean time, use the longest, most complex password you can think of. Use upper and lower case letters, numbers, and special characters. Do not use words that would be listed in a dictionary. Do not use a series of numbers in a row such as 123456. Good luck.
Deonna same message; what did you do? I cannot seem to find anything on how to contact Hotmail….
My hotmail account of 13 years was hacked last night, i woke up at 3am to the sound of new mail being delivered one after the other… on checking it was contacts that longer worked and were being sent back, either way I changed the password immediately and watched for incoming email, that seemed to stop the send outs, I then cut all my email to PST file (local to my home PC/MAC) not up on the Microsofts MSN Server on the Web, and exported all contacts (if you can import them then all the better into Outlook or something similar), I then deleted all my contacts, i then deleted all email from send & junk, other folders so there is nothing in it mail wise….
I also email hotmail there is a email address abuse@hotmail.com ( not sure if it does anything or if its part of a scam )
Suggest you also watch your bank accounts for Visa type transactions and change passwords to import things like online banking, anything thats been sent back to your compromised hotmail account like a receipt that may contain your visa mastercard details, and also idiot companies that send back you passwords in clear text.
I will continue to watch my faithful old hotmail account but i will wean people of emailing it, and not send important things via it, I WILL ASLO set the option to delete immediately so it doesn’t hold details (mail items on the server) but saves them straight to my local machine PST file or equivalent depending if you use MAC PC LINUX etc.
Really Gutted, a rather concerning experience.
Steve
IT Bod.
does anyone really know how these hackers get the passwords….not only was our hotmail account hacked but a friend’s account at yahoo too…so its not just hotmail…I guess they have software that can crack all passwords. How can we stop them?
My email was hacked and someone was sending emails to my contact list for links to a canadian mail pharmacy for specials on viagra. Thanks for your help. I checked my autoresponse and will be changing my password.
My account got jacked today (March 30). An email was sent to my contacts stating that I am in the UK with a dying Aunt, and I need money to bring her back to the states for surgery. I am not in the UK, all of my Aunts are fine, and I don’t need money any more than anybody else!! I tried to go in to my hotmail account to change my password, and apparently the password has already been changed, and I can’t get in!!! So notifying me via email just won’t work, but I can’t in.
My hotmail account got hacked a few months back. It sent spam to all my contacts. I got frustrated but didnt want to delete my account as I have had it for so many years. I opted instead to delete all my hotmail and msn contacts.
I have just been alerted by a couple of old contacts that they have received spam email from me again. I have checked and my contact list is empty….can anyone explain this?? If my account got hacked again how have they sent spam to my old contacts that are no longer my contacts???
Same here. So far it sent the viagra email to all my contacts. I guess I’ll change my password and delete a bunch of my contacts to be on the safe side.
My hotmail account got hacked. I didnt notice any spam emails being sent to my contacts, but the hacker did change my password and my security question. He also did the same on my secondary email address making it impossible to recover my password. I have spent countless hours reading forums and dealing with Hotmail on the phone and they cannot help me. Because Hotmail is a free service they do not offer a customer service email or phone number. Just the pay “msn.com” domain offers this service.
After speaking with Hotmail they told me that the ONLY way I can regain access to my email is:
1. Ask the hacker to give it back and he complies (not likely)
2. Find a hacker to hack back into it for you and get the information you need from it.
So pretty much hotmail is telling me that I need to hack in to my account to stop the hacker because they cannot help me.
Oh yeah, and I emailed my old account asking “if you have hacked my computer can you please give it back” and the hacker responded to my email by saying “I will give you back your email if you wire $1000 via Western Union to me and your account password will be sent back to you 10 minutes after the transaction is complete.”
FML
Same case of dying aunt, this time in Malaysia.
I got hit too. I changed my password so no more problems except when I open up a new email page the spam message is already there and has to be deleted before I send any emails. Here is the spam message complete with email addresses and url’s [removed so as not to promote them - ThatDanny]–
~hey dude.I find a place for iPhone ,blackberry 9700 SONY ,Laptop even HONDA Motorcycle ,price incredible low as wholesale&retail business.all are original quality with international warranty. if you like you can have a look : www. [removed] .com
E-mail : [removed]
MSN: [removed]@hotmail.com
Happened here too. My friend called me right away and asked me why I am sending her a link to a Viagra website. Everyone who knows me knows that I would never spam them and I sent out an email to my whole contact list telling to beware of the previous message that appeared to be sent by me. My list was in tact and no auto reply was on but now I am wondering what further steps I should take. Geez, even my business contacts were eMailed! To the previous person who said it might have something to do with syncing other accounts, you may be right because I just recently linked this account with other eMail accounts that I have. I followed the instructions on this site, boy I hope it is enough!
Hacked here too. Phony iPhone messages sent to contacts. Sadly the hacker also deleted most of the emails in my inbox, sent items, etc. Bah.
Seems Hotmail may be too risky to keep using – my pw was strong but that didn’t help.
“My hotmail was hacked around 9 am on 3/22/2010. Hacker Changed my password and now Hotmail refuses to contact me because I can’t provide a PW. Hacker sent A letter to ALL of my contacts stating I was mugged in Wales, England; was stranded at the US Embassy and needed funds wired to me so I could get home.”
This exact think happened to my wife this morning. Hacker changed pass and now we’re locked out. Bye Bye hotmail I guess.
My hotmail was hacked too and same thing that I was stuck in London and need money. They locked me out of my account, but luckily I was able to get in through my blackberry reset. What a mess – they shouldn’t be allowed to do this. Don’t know if it is safe anymore – I think I will just cancel it as I am worried…..
Yup.Hacked today.Cant access my acct. at all!so, can’t change password,can’t shut it down……what do i do! Any suggestions? Can’t even find anywhere to report/complain to!
I was hacked today (April 9). I found out because I have another hotmail account so I can mail back and forth to check formatting etc. on emails and so I saw the message from the “hacked” account in the “clean” account (though I’m totally paranoid about that one too!) I will be changing my pw but that may not be enough. I’ve had this account for 12 years and it will be a major hassle to switch.
Hi, my hotmail account was hacked yesterday too. Cant sign in my email account too. What should I do? How can I report to the authority?
Hi, My hotmail acount has been hacked today and password and secret question changed! I can not sign in now. How to go about getting it back or reporting it to some competent authority.
It appears hotmail/msn do not give a damn. I was hacked into yesterday they also got into my ebay account and orederd lots of stuff. It would be right for MSN to supply help (telephone or live help) to the victims of hackers. Both Ebay and Paypal sorted out the problem immediately. Hotmail haven’t even responded to me after filling in three of their account compromised forms, (have sent 3 now since last night). There really should be something done about this issue an MSN/Hotmail should be made to supply help if it is a paying account or not. People hold a lot of sensitive information in accounts be it right or wrong to do so. If I ever get my account back now I will be closing it and not using hotmail again.
Mine was hacked too, on the 13th of April – two emails sent out to contacts, can’t tell if the autoresponder is on or not. Told the contacts it was NOT from me, obviously. The email message sent was:
“~hey friend.I find a place for iPhone ,blackberry 9700 SONY ,Laptop even HONDA Motorcycle ,price incredible low as wholesale&retail business.all are original quality with international warranty. if you like you can have” (deleted rest due to spam urls being listed)
I was hacked too in my hotmail account, sometime between midnight and 8am…mugged in England and now need money. Don’t know what I can do to reset password as they have locked me out?!?! Anyone have any help/suggestions/etc?!??
My boyfriend has had his acct. hacked. However, what’s happening is the person has sent me messages (from his acct) saying that he is a cheater (among other nasty things) . This started in december. I recieved 2 in december and one in february. My boyfriend did change his password at one point. However, we (stupidly) continued emailing each other. A horrible thing just happened. The hacker forwarded MY love emails to other female friends on his contact list. So bottom line is this person can get into his acct. and see and use all the emails that are there. In Februrary, the hacker forwarded an email from september between my boyfriend and another girl he was seeing at the time (before I met him).
My boyfriend doesn’t have much patience for technology so I don’t think he knows the answer to this, but maybe someone can help me out:
1. is there a deleted folder in hotmail such that it needs to be emptied by the user, or are they delelted and unretrievable after a few days. becasue he deleted this september email back in september. How could someone get at it months later?
2. How easy (ordifficult) is it to find out someones password from just being on an unsecured internet connection? he has been using his neighbors internet connection.
I think at this point, since everyone (who he has emailed) privacy has been violated, he needs to cancel his hotmail acct.
EXCUSE ME
MY HOTMAIL ACCOUNT(bhikhabhindi@|hotmail.com) HAS BEEN HACKED I CANT LOG IN EVEN THOUGH THE PASSWORD IS CORRECT..I FORGOT THE ANSWER FOR SECRET QUESTION
HOW CAN I RESTORE IT
MUCH APPRECIATED
HELP My account has been hacked, my email address is PLease CAN ANYONE HELP ME. I have forgotten my answers to the questions
Hotmail account hacked and hijacked on April 15, 2010. Mugged in London. Started with police report, followed with another complaint at http://www.ifccfbi.gov. Contact MSN at and file a report at http://windowslivehelp.com/solution.aspx?solutionid=6ea0c7b3-1473-4176-b03f-145b951dcb41 now waiting for all of the authorities to move forward. Is their anyway find out sender’s IP address?
I have a post from yesterday. The Microsoft link is useless. I got a response back from Microsoft’s call/support center in India, who sent me a link to the very site that I asked for help. Basically, Microsoft will put you in the loop and you will go in circles without getting any concrete help from Microsoft.
This is what I am going to do on Monday 4/19/2010, I am going to FEDEX a letter to Microsoft’s Customer Service. Here’s the address: Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
Attn: Customer Service
I will include my police report, and other evidence of being getting hacked etc. I will ask them to either contact me and help me resolve the issue or …. take legal action against them. It is a breach of trust.
I will keep you updated.
My account was also hacked starting back in March. After doing all the necessary Password changes and deleting my entire contacts list, I also checked the message source of the messages in my sent folder. The originating IP is 83.24.18.78. When doing a WHOIS check at DNSStuff.com it looks like this IP is registered to some company in Poland. If anyone else still has some of these messages in their outbox, try to do the same check and let’s report them to abuse@hotmail.com.
I can’t log in to change my password!!!! now what?
My email account was hacked into on April 20, 2010, can someone please help me get back into my account!!!!
my email was hack into last night saying that i was loss in england and need it 1850 dollars to get back home they have contact it all my contacts please help if can i need to know i to shut account down because they change my password.