Q: My Hotmail account has been hijacked and someone is sending fake messages to my friends that I am stuck in London and need money. What can I do? — Jim
A: The power of the Internet allows virtually anyone to connect with anyone else, including those with malicious intent.
Increasingly, the target of these malcontents is your e-mail account because it’s the gateway to virtually everything else you do online.
For example, when you forget the password to your online banking account, you typically go to the login page and click on the ‘I forgot my password’ link. This generally sends a password reset message to your primary e-mail address that you used when you created the account.
When someone hijacks your e-mail account, one of the first things that they are likely to do (after locking you out by changing the password) is search through your sent, received and saved messages to figure out which online accounts they can compromise.
Once they figure out which accounts you have (Amazon, Paypal, banks, online brokerage, etc.), they can go to each site’s login page and click on the “I forgot my password” link and have the password reset instructions sent to your freshly hijacked e-mail account. From there, they can wreak havoc with your identity and online accounts, because they have essentially assumed your online identity.
In your case, they chose to use your identity to attempt to fool all the contacts in your Hotmail account into sending money “to help their stranded and distressed friend” (this particular scam has been in use for many years).
Hotmail (now called Windows Live Hotmail) has various automated methods for regaining control of your account. You can reset your password in three ways: by e-mail, by providing your secret answer, or by using the secure account validation page.
The specific step-by-step instructions from Microsoft are posted at http://bit.ly/bmxfUY.
Unfortunately, these steps are also known by the crafty hijackers, so it’s entirely possible that they will change your secret answer and some of the other information that would allow you to regain control of your account.
When this occurs, you will have little choice but to work through the account validation page and wait (several days) to work through the process online. Because Hotmail is a free service used by hundreds of millions of people, there is no option to pick up the phone and call someone to get help.
Equally as important is understanding how your account got hijacked in the first place. In the past, Windows users were more of a target by way of sneaking a password stealing program into the background via one of the many known vulnerabilities.
Today, it really doesn’t matter whether you are using Windows, Mac or even Linux as phishing scams, brute force attacks, traffic sniffing on public WiFi networks, spoofed DNS servers or any of the other methods that have nothing to do with the operating systems are on the rise. Additionally, you should really be much more careful about where you access your e-mail account.
Anyone can tell the browser to automatically remember usernames and passwords, so if you do access your e-mail from a computer that you don’t own, get into the habit of clearing out the history, cached files, passwords, form data, etc. before walking away from the computer (Tools/Options/General for Internet Explorer, Tools/Options/Privacy & /Security in Firefox.)
Ken Colburn is president of Data Doctors Computer Services and host of the “Computer Corner” radio show, which can be heard at noon Saturdays on 92.3 KTAR-FM or at www.datadoctors.com/radio. Readers may send questions to firstname.lastname@example.org