Join 3,496 readers in helping fund MetaFilter (Hide)


Is my friend's Hotmail account hacked or not?
April 14, 2011 8:23 PM   Subscribe

I got a spam email from my friend who has a hotmail account. It looks like the spam has been sent to everyone in his hotmail distribution list. My question is, how did the hackers do this? Did they need his password in order to get access to his distribution list? As far as I know he is still able to use his account which puzzles me. Wouldn't a hacker (if he had the password) quickly change the password so that they could keep sending spam out on that account?
posted by storybored to Computers & Internet (9 answers total)
 
Your friend either fell for a phishing attack (where he logged into a fake Hotmail site), has malware on his computer, or was a victim of a more esoteric attack (shoulder surfing or WiFi sniffing, both are possible but probably not likely).

From the hacker's perspective, if you have access to thousands of accounts, why bother with changing passwords? It's more work for very little benefit.

At any rate, have your friend check his/her computer for malware, and change their password too, especially if your friend has a bank account that points to the Hotmail account.
posted by jasonhong at 8:36 PM on April 14, 2011 [2 favorites]


For additional security, your friend should enable the HTTPS option in Hotmail. Have them login into hotmail, click their name on the far right, click "Account" on the drop down menu, then "Connect with HTTPS" at the bottom of the page.

They should probably also run a malware scan and change their password just to be sure.
posted by sharkfu at 8:43 PM on April 14, 2011


I would agree with jasonhong as to why/how he was hacked.

I would advise your friend to first login to their hotmail account from a different computer (go to the library if need be) and change the password there; then you know its safe.
Be sure to choose a password thats a little harder to guess, use at least one alpha numeric, and throw in some uppercase and lowercase (example: myPassw0rd!)

I have to use a million different passwords at work and on the net (its always wise to use different passwords for each site, so if a hacker does guess one, he doesnt have access to all of them); so I've learned a trick that makes it much easier to remember. Pick a fairly strong password that you won't forget (example: iLove2Eat!) then, with each website you go to, just add the initials of the site on the end, to differentiate each password. For example: for
MetaFilter.com I would use: iLove2Eat!MF

and for Hotmail.com I would use: iLove2Eat!HM

Once that is done, yes, run a virus and spyware scan (many internet providers offer free anti-virus software now, such as comcast, but people don't even realize they can get it free by logging into the site (such as comcast.net and logging into their account).

Lastly, if you want to be even more secure and stop worrying about viruses, etc. try a program like Faronics Deep Freeze - it makes the computer read-only until you say otherwise, so nothing can be written to the hard drive permanently, no viruses, no nothing. If you do need to save something, just unfreeze and reboot.
posted by absolutshrk at 9:04 PM on April 14, 2011 [1 favorite]


Can your friend actually see in his "sent" folder that the emails came from the account? Or could it be a joe job thing and someone else has similar contacts?
posted by unknowncommand at 9:19 PM on April 14, 2011 [1 favorite]


I wouldn't trust a public computer at a library. Too much chance that it is infected with something! (You don't know where it's been, do you?)
posted by Chocolate Pickle at 9:31 PM on April 14, 2011 [1 favorite]


This is almost certainly a joe job, which is simple, and may have nothing to do with your friend's computer nor his password nor his Hotmail account. All that is required is that someone he knows who has his email address has a computer that has been infected by one of the zillions of rather mundane trojans, which then sent a lot of email, some large part of it pretending to be from every email address found in the infected computer, to every other email address found in the infected computer.
posted by Mo Nickels at 6:48 AM on April 15, 2011


Another possibility is that your friend had an insecure password, and it was guessed at in a brute-force attack. I have a Yahoo mail account that I never use, and the other day someone sent spam from it to everyone in my address book (I can see the spam in my sent items). Fortunately, the only people in my address book were me, and my wife.

I really, really doubt that I was phished or have malware (and if I were, why would they just send an email to 2 people from my crummy YAHOO account when I have a juicy Gmail account just sitting there). But my Yahoo password was a regular word, so anyone running a dictionary attack would have been able to guess it. Lesson learned, password changed.
posted by Gortuk at 7:40 AM on April 15, 2011


Yep, the intruder guessed (or stole) your friend's email password.

It would actually be in the intruder's interest to leave the password alone: The longer it takes your friend to notice that his account was compromised (and change his password) the more time the intruder has to collect responses.
posted by Sidnicious at 11:08 AM on April 15, 2011


My guess is either malware or he fell victim to a well designed phishing redirect on the PC he used to log into Hotmail. "Man on the wire" (network sniffing/sidejacking) attacks are much less likely than "Man in the browser" (malware/session hijacker/fakesite) attacks. WORM_NYXEM.E is a common one that hijacks hotmail, for example.

First thing I would do is download and run Malwarebytes and Immunet to see if any keyloggers/trojans can be picked up. Whether or not malware is detected, be sure to change any important password asap, not just Hotmail. These scanning programs can be left on or taken off after the initial run.

Download and install Web of Trust to help protect against known phishing scams. Some of these phishing sites are so well designed it's hard to tell if you're looking at the real site or not, especially if the full URL is not examined closely.
posted by samsara at 1:57 PM on April 15, 2011


« Older Did you ever have a burning ur...   |  We just bought a hot tub and w... Newer »
This thread is closed to new comments.