What to do if your Hotmail account got hacked – the recent spate of attacks on Hotmail accounts
If your friends and contacts have received an email or IM message from your Hotmail account with wording along the lines of "I would like to introduce a good company who trades mainly in electronic products... etc" - it is highly likely that your Hotmail account has been compromised.
IF YOU ARE THE POOR SOUL THIS HAPPENED TO, THEN YOU SHOULD READ ON AND FOLLOW THE INSTRUCTIONS AT THE BOTTOM OF THIS ARTICLE.
In most cases when a spam email is sent in your name to someone else, the spammer doesn't need access to your account. All they need to do is spoof your email address - i.e. make it look like it was sent from you. That's very simple to do, and is very common.
However, the latest spate of spam from Hotmail accounts is different in that the attackers actually hack into your Hotmail account and then do some or all of the following things:
- They send a spam email to all your contacts.
- They may send a spam IM message to all your Messenger contacts
- They may delete all your Hotmail contacts
- They may set your autoresponse (the one you set when you go away) to send this spam message
- They may set your email signature to include the spam message
You know that they have hacked into the account because you can see clearly that they have sent an email from it to all your contacts, or even an instant message. They would not be able to do this if they did not have access to the account.
HOW IT HAPPENS
I don't have a definitive answer, but I do have a theory which, based on the evidence, looks likely. If your password is a common name or a word that appears in a dictionary, then your account is vulnerable, even if it has a year of birth or number attached to it.
This is how the hackers do it:
- They employ an automated script that is fed your Hotmail address and then goes to work./li>
- It feeds the entire dictionary and common passwords and names into Hotmail one by one, trying to log in.
- After several attempts Hotmail "locks" the account and present a CAPTHCA (i.e. a string of wonky letters and numbers that are supposed to stop scripts from doing exactly that, because only a human can read these letters, supposedly).
- Unfortunately the CAPTCHA method no longer stops scripts, because hackers have found ways around them. One of those ways works by using sophisticated character recognition software that can read the wonky letters. Another is to feed the letters to "CAPTHCA farms" - the letters are fed to human users, employed by the hackers to read and enter CAPTCHAS, and they are often paid by the number of CAPTCHAs they enter (for example 1 cent per entry). This becomes viable financially if the spam is part of a bigger scam. The scale of the deception means it makes more money, especially because people are much more likely to trust spam messages sent by their friends. This achieves greater returns for the hackers and means they can attack many accounts, bypassing email security systems.
- Sometimes the scripts do their work over days, and sometimes weeks, to escape being caught by Hotmail's attack detection systems.
There are of course other ways for hackers to achieve this kind of attack, such as spyware on your computer, or you being deceived by a rogue website. My instructions below would help you tackle these as well.
WHAT SHOULD I DO IF MY HOTMAIL ACCOUNT GOT HACKED?
Go through the following steps, one by one:
1. Before you do anything else, change your Hotmail account password to something very safe. Not a dictionary word or name, or even a word and numbers. Use symbols such as $ and & in your password, and make it long. I know it is difficult to remember, but if you don't want to be hacked, you'll have to start using strong passwords.
2. Now check that your autoresponse and email signature on Hotmail do not have any spam text added to them, as this would go out to your contacts automatically.
3. Then check that your computer does not have spyware or viruses, by following the instructions here.
4. From now on keep your passwords safe, and be extra careful when using public computers (such as those in Internet cafes). If in doubt - change your passwords.
5. You may want to alert Hotmail support to the problem. It seems to be happening all over the place, and the more they know about it, the better it is for their efforts to address it.
And please note: if for some strange foolish reason you decide to go to the site advertised by the spammers, and you are even more foolish and decide to buy something on it, don’t be surprised if it never arrives. This is a well known scam, and you will never get your goods, you muppet.
What do I do if I have a Virus? (Virus Removal and Virus Protection)
What do I do if I have a Virus? (Virus Removal and Protection)
This article covers what to do if you have a virus, or suspect you have a virus on your computer.
THE CAUSE
You are usually vulnerable to a virus under the following conditions:
1. You have virus protection on your computer, but it is not up-to-date.
2. You have virus protection on your computer, but the virus got through anyway.
3. You have no virus protection at all.
THE SYMPTOMS
Your computer is behaving strangely or in an unexpected way, for example files disappear or become corrupted, your email program seems to be sending emails but you don't actually see anything being sent or your Internet browser keeps redirecting to websites that you didn't want to go to. There a re many other possible symptoms, but in most cases you will notice that something is wrong.
For all of the above, there are perfectly reasonable explanations that may not be a virus, such as hardware and software malfunctions, but they could also be the result of your system being infected, so it is wise and prudent to do something about it, bearing in mind that you can do so for free.
WHAT TO DO IF YOU SUSPECT YOU HAVE A VIRUS ON YOUR COMPUTER
Disclaimer: These steps would help in most cases, but if your system is so badly damaged that it is beyond repair, the following steps may be too late, and some of your data may be lost. You follow them at your own risk. Then again, if you have a virus on your machine, you probably need to do something about it anyway.
If you already have virus protection on your computer:
-
a. Make sure it is up-to-date and in licence. If it has expired and you no longer have virus updates, then it is as good as not being there at all. Either renew your licence and scan your computer for viruses, or uninstall it and follow the steps below.
-
b. Make sure you do not have more than one virus protection program on your computer. Having more than one provides less, not more, protection. Virus protection programs clash with each other and are likely to reduce your protection. If necessary uninstall the surplus virus programs (but make sure you keep the one that still has an update subscription, if you have one).
NOW FOR VIRUS SCANNING
My approach uses three sets of tools to ensure that if you do have a virus, it is detected and removed:
-
b. Now download and run the free virus tool from McAfee, stinger.
-
c. Finally download and runAd Aware on your machine. The free version will do. This will check to see that you do not have "spyware" on your computer. Nasty programs that send information about you to their creators, or change your settings to serve you unwanted commercial advertising.
Important note: The above programs tend to detect "tracking cookies" as a "threat". It is likely that quite a few of those would be found on any computer. Though unwanted, they are NOT the risk that is causing you problems. Remove them when asked, but if they are the only thing your scans have found, then your system is very unlikely to have a virus on it.
AND FINALLY - PROTECT YOURSELF FROM FUTURE ATTACKS
By this stage you are likely to know if your computer has indeed had a virus. The scans would have revealed it, and helped you fix the problem. Now is the time to think about protecting your computer longer term.
There are many commercial products out there, and I have had a good experience with the following:
For Windows Vista: Norton Internet Security 2008 up to 3 Users
For Windows XP: ZoneAlarm Internet Security Suite 2008 - 3 User Pack
Both of these are good for up to three PCs which is what your average household would use. If you have only one, look for a version that serves one machine.