What to do if your Hotmail account got hacked – the recent spate of attacks on Hotmail accounts
If your friends and contacts have received an email or IM message from your Hotmail account with wording along the lines of "I would like to introduce a good company who trades mainly in electronic products... etc" - it is highly likely that your Hotmail account has been compromised.
IF YOU ARE THE POOR SOUL THIS HAPPENED TO, THEN YOU SHOULD READ ON AND FOLLOW THE INSTRUCTIONS AT THE BOTTOM OF THIS ARTICLE.
In most cases when a spam email is sent in your name to someone else, the spammer doesn't need access to your account. All they need to do is spoof your email address - i.e. make it look like it was sent from you. That's very simple to do, and is very common.
However, the latest spate of spam from Hotmail accounts is different in that the attackers actually hack into your Hotmail account and then do some or all of the following things:
- They send a spam email to all your contacts.
- They may send a spam IM message to all your Messenger contacts
- They may delete all your Hotmail contacts
- They may set your autoresponse (the one you set when you go away) to send this spam message
- They may set your email signature to include the spam message
You know that they have hacked into the account because you can see clearly that they have sent an email from it to all your contacts, or even an instant message. They would not be able to do this if they did not have access to the account.
HOW IT HAPPENS
I don't have a definitive answer, but I do have a theory which, based on the evidence, looks likely. If your password is a common name or a word that appears in a dictionary, then your account is vulnerable, even if it has a year of birth or number attached to it.
This is how the hackers do it:
- They employ an automated script that is fed your Hotmail address and then goes to work./li>
- It feeds the entire dictionary and common passwords and names into Hotmail one by one, trying to log in.
- After several attempts Hotmail "locks" the account and present a CAPTHCA (i.e. a string of wonky letters and numbers that are supposed to stop scripts from doing exactly that, because only a human can read these letters, supposedly).
- Unfortunately the CAPTCHA method no longer stops scripts, because hackers have found ways around them. One of those ways works by using sophisticated character recognition software that can read the wonky letters. Another is to feed the letters to "CAPTHCA farms" - the letters are fed to human users, employed by the hackers to read and enter CAPTCHAS, and they are often paid by the number of CAPTCHAs they enter (for example 1 cent per entry). This becomes viable financially if the spam is part of a bigger scam. The scale of the deception means it makes more money, especially because people are much more likely to trust spam messages sent by their friends. This achieves greater returns for the hackers and means they can attack many accounts, bypassing email security systems.
- Sometimes the scripts do their work over days, and sometimes weeks, to escape being caught by Hotmail's attack detection systems.
There are of course other ways for hackers to achieve this kind of attack, such as spyware on your computer, or you being deceived by a rogue website. My instructions below would help you tackle these as well.
WHAT SHOULD I DO IF MY HOTMAIL ACCOUNT GOT HACKED?
Go through the following steps, one by one:
1. Before you do anything else, change your Hotmail account password to something very safe. Not a dictionary word or name, or even a word and numbers. Use symbols such as $ and & in your password, and make it long. I know it is difficult to remember, but if you don't want to be hacked, you'll have to start using strong passwords.
2. Now check that your autoresponse and email signature on Hotmail do not have any spam text added to them, as this would go out to your contacts automatically.
3. Then check that your computer does not have spyware or viruses, by following the instructions here.
4. From now on keep your passwords safe, and be extra careful when using public computers (such as those in Internet cafes). If in doubt - change your passwords.
5. You may want to alert Hotmail support to the problem. It seems to be happening all over the place, and the more they know about it, the better it is for their efforts to address it.
And please note: if for some strange foolish reason you decide to go to the site advertised by the spammers, and you are even more foolish and decide to buy something on it, don’t be surprised if it never arrives. This is a well known scam, and you will never get your goods, you muppet.
How Do I Flush a DNS cache?
This article was written originally to help those who could not access Photobucket after a DNS attack, but is retained here, to help anyone who needs to flush their DNS cache.
Because of the nature of dns, a dns problem (due to a technical glitch or hacking), can take up to 48 hours to resolve, and resolution relies on your Internet Service Provider (ISP) fixing things on their end, so your first course of action is to speak to them.
Then, you may wish to ensure that things are clear on your end, by flushing your DNS cache:
How do I flush my dns cache?
- Click on Start--> Programs --> Accessories --> Command Prompt.
- A little black command prompt opens. In it type: ipconfig /flushdns
- Hit return. You should see the lines: Windows IP Configuration. Successfully flushed the DNS Resolver Cache.
- Try accessing Photobucket again.
- You might try to restart your computer, just in case.
Mac users (except Leopard): Finder windows Applications --> Utilities --> Terminal and type in lookupd -flushcache, then hit return.
Leopard users: Open a terminal window and type in dscacheutil -flushcache, then hit return.
============================================
For the background to the Photobucket story - go here.
THE ORIGINAL COMMENTS THAT WERE LEFT HERE AT THE TIME OF THE PHOTOBUCKET PROBLEM APPEAR AT THE BOTTOM OF THIS ARTICLE, WITH THANKS TO THOSE WHO CONTRIBUTED.
============================================
Photobucket hacked – and how not to handle your customers when you get hacked!
Above: Photobucket down - site as seen by some users yesterday.
Photobucket was hacked yesterday, using what seems like a dns hack*
*see "what is a DNS hack?" at the bottom of this post.
Because the Photobucket outage was dns based, it meant that some people could still access the site, whilst others either got a hackers message, or a completely different website.
Users on discussion boards started debating the hacking with headlines like: "Was Photobucket site hacked?", "Photobucket hacked!" and "!!!Photobucket.com Has Been Hacked!!!"... you get the picture. In other words, it was all over the Net, with screenshot evidence and some genuine concern from users about the ability of Photobucket to keep their content and payment details safe.
What concerns me most about this story isn't actually the hack itself. What I find worrying is that Photobucket didn't put their hands up and say: "yes, we were hacked, Photobucket was down" or "yes, we suffered a dns hack!" or even, "it appears that Photobucket suffered a dns hack, we are looking into it and will come back to you as soon as we know more".
Instead what Photobucket did was:
a. say nothing on their blog.
b. say nothing on their site.
c. When users started discussing this on Photobucket's own support forums, their admin came back with this:
"On Tuesday afternoon, some users that typed in the Photobucket.com URL were temporarily redirected to an incorrect page due to an error in our DNS hosting services. The error was fixed within an hour of its discovery, but due to the nature of the problem, some users will not have access to Photobucket for a few hours as the fix rolls out. It is important to note
that only a portion of Photobucket users encountered the problem and that no
Photobucket content, password information or other personal information was
affected by the redirect. "
"due to an error in our DNS hosting services."? An error, as in a technical error? One that happened to redirect users to a message from a Turkish hacker?
This is very old-school: 'let's not admit anything and hope for it to go away'. The problem is that on the Internet, you can't use these sort of tactics anymore. Users have become more savvy, and they expect the kind of openness that Jeff Jarvis demanded from Dell, during his "Dell Hell" experience.
The key message here is: if you put your hands up and say - this is what went wrong, and here's what we're doing to fix it, users will trust you. If you don't tell the truth and your customers suss you out, they will rightfully ask: 'what else are they hiding from us?' Would I know if my details ever got compromised? Why should I trust this company?
It's still early hours - Photobucket, you could still issue a statement and tell us what has actually happened. Why was Photbucket down? Leave it longer, and your users might not be as forgiving.
UPDATE: Some two days have passed since this started, and still nothing official on the company's website, nothing on its blog and nothing in the press area.
Still not able to access Photobucket? Click here for some help.
============================================
What is a DNS hack? A dns hack alters where your computer browser goes when you type in an Internet address. Every web address (like www.thatdanny.com) has a corresponding number like 66.118.156.62 which is its real address (like a telephone number). When you enter a URL, your browser goes to a directory (called dns-"domain name server"), which tells it what the number of the domain is, so that it can find and display it. Thus, if you can change an entry in the dns directory by hacking into it, you can cause users to go to a completely different website. This is what appears to have happened with Photobucket.
============================================
MORE PHOTOBUCKET INFORMATION:
For the latest updates - go here.
============================================