Use Hotmail, Provide iPhones to Nigerians!
January 9, 2008 12:09 PM

My girlfriend's Hotmail account has been hijacked. For real. Repeatedly. Help.

The salient points:

On Friday, she could log into her Hotmail account with no problems. As of Saturday, she was unable to log in -- the error message said her username and password didn't match. She tried to reset her password, but her secret question had been changed too (meaning she obviously didn't know the answer). After filling out the support form on Hotmail's site, receiving an email from them at a different address, and giving them lots of information, they reset her password and she could access the account. That was Monday.

She logged into her account and discovered that a) many of her emails had been deleted, and b) there was a string of emails about eBay purchases that she did not make. Several of them were back-and-forths with sellers who were getting the Paypal runaround from the person who had hijacked her account. A couple of the sellers finally wised up and reported the fraud to eBay and the auctions were canceled.

Within a couple of hours of her successful login, her password and the secret question had been changed again and she was again locked out of her account. Hotmail has not yet responded to the most recent breach.

One of the emails in the eBay exchange included a name and mailing address in Nigeria. (As in, "No, don't worry, PayPal will make the payment soon! Please go ahead and ship my iPhone to this address!") I've googled the name and address and can't prove that the guy is real, but it is at least one piece of info we have. (I don't have his IP address, but I suppose I could email the eBay seller with whom he was communicating and ask if it's in his header info. Only problem is, the eBay seller also had a Hotmail address, and right now we're suspicious of anything Hotmail-related.)

She's filed a police report, by the way, but that isn't making Hotmail respond any more promptly. And since there's been no monetary loss so far, the police won't/can't actually do anything. (Like they would anyway....)

So, what's going on? How is someone repeatedly accessing her account, and how can we stop it? (She's signed up for gmail in the interim.) How is it possible that the person who hijacked the account knew, within the hour, that she had regained access? And how did that person access her account even after she changed her password? Is it possible that the offender works for Hotmail? Is there a key-logging thingy on her Mac? Were her tech support communications not actually going to Hotmail, but to the hijacker? What the hell?

Is there anything we should do to her computer to make sure there's no malware on there? (I'm not a Mac person, so I'm clueless on this front.)

Any other advice or possible explanations?

Google search pretty much just confirms that the situation is fucked up, but doesn't provide much in the way of help.
posted by mudpuppie to computers & internet (16 comments total)

There are very few keyloggers for OS X, but this app claims it will find them.

Use Firefox, install NoScript; it protects against cross-site scripting, which seems to be more prevalent.
posted by sharkfu at 12:23 PM on January 9


Whatever you end up doing, I'd suggest she permanently switch to the Gmail account.
posted by nasreddin at 12:23 PM on January 9


Look for physical keyloggers as well, if it is a USB keyboard.
posted by mikepop at 12:24 PM on January 9


And change the password on the Gmail account from another computer until you rule out keyloggers; once she gets her password reset from Hotmail again, have her log in from another computer and change her password again, etc. Basically, I wouldn't use the computer for anything sensitive until you get it figured out.
posted by mikepop at 12:25 PM on January 9


The eBay account is not your girlfriend's, right? If so, this situation makes absolutely no sense. Someone hijacked her free Hotmail email account, just to use it to send fraudulent emails? They could just as easily have opened their own new Hotmail account to do the same thing.

Someone dumb enough to use your girlfriend's account for this is probably not smart enough to use any of the methods you mentioned (key-logging, internal Hotmail functions, Mac-based malware, etc). The most likely explanation is that the guy is using a dictionary-based attack and both of the passwords your girlfriend used are in his dictionary.
posted by burnmp3s at 12:34 PM on January 9


First off: your girlfriend needs to change her secret question and answer. Choose a pair that is something nobody will guess- 'Who is the president of the United States?' and 'Bela Lugosi', for example. My guess as to how someone would 'know' she'd changed her password would involve them trying to log into the account and failing. (Which is an astonishing possibility after she's changed the password, I know.)

Second off: view full headers on the email: you should be able to suss out an IP address for the buyer quite handily. Third off, contact ebay support: you should be able to get a user ID out of that email, and they have records for this person which are related to fiscal matters and therefore verifiable.

Of course, first order of business is to get Hotmail to respond. Did they give you an incident # or a ticket # related to the prior password reset? Use that in referring to this incident, because it's the same one, and you'll get to second or third-tier support much faster that way.
posted by mephron at 12:34 PM on January 9
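
An added example, not part of the thread or of any poster's comment: reading the relay addresses out of a message's full headers, as suggested above. The sample message, host names and addresses are constructed placeholders, and the presence of an X-Originating-IP header stamped by the webmail provider is an assumption; the function names are hypothetical.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample, not from the thread: example hosts, documentation-range IPs.
# The topmost Received line is the last hop before the inbox.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by inbox.example.org with ESMTP; Mon, 7 Jan 2008 10:02:11 -0800
Received: from webmail.example.com ([10.1.2.3])
    by mx.example.net with SMTP; Mon, 7 Jan 2008 10:02:09 -0800
Received: from [203.0.113.45] by webmail.example.com with HTTP;
    Mon, 7 Jan 2008 18:02:08 +0000
X-Originating-IP: [203.0.113.45]

Please go ahead and ship.
"""

BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def _ips(value):
    """Every valid bracketed IP literal in one header value."""
    found = []
    for text in BRACKETED.findall(str(value)):
        try:
            found.append(ipaddress.ip_address(text))
        except ValueError:
            pass  # bracketed token that is not an address
    return found

def received_path(raw):
    """Relay IPs ordered from the sender's side to the inbox."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = [ip for h in msg.get_all("Received", []) for ip in _ips(h)]
    return [str(ip) for ip in reversed(hops)]

def origin_hint(raw):
    """(header, ip) for the likely submitting client, or (None, None).
    Lines below the first relay you trust can be forged: a lead, not proof."""
    msg = email.message_from_string(raw, policy=policy.default)
    for ip in _ips(msg.get("X-Originating-IP", "")):
        return ("X-Originating-IP", str(ip))
    for text in received_path(raw):
        if not any(ipaddress.ip_address(text) in net for net in INTERNAL):
            return ("Received", text)
    return (None, None)
```

This needs the raw message source; a printed copy of the message body does not carry these headers.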


burnmp3s, she says now that she did sign up for an eBay account a long time ago, but never used it. So I guess she did have one after all.

mephron, she changed the secret question after being able to log back in. Didn't make a difference, and now the dumbass has changed it again to something she can't answer.

The emails -- we printed them out, and the hard copies are the only ones we have right now since we can't get in to Hotmail to view the headers.

When contacting Hotmail the second time, we included the report number in the subject. Didn't make a damn bit of difference -- they still haven't responded.
posted by mudpuppie at 12:39 PM on January 9


Can you confirm, as per burnmp3s above, that your gf hasn't been using some simple password?

Some guy might just be re-running a dictionary attack on the same set of hotmail accounts and if she is using passwords such as "strawberry1" or whatever, this will continue to happen.
posted by vacapinta at 1:38 PM on January 9


Yeah, vacapinta, it seems that the password maybe wasn't as secure as it could have been. We're working on that now. She feels kind of stupid about it.

Update: We've fixed things with eBay and PayPal. Both compromised accounts are now canceled.

Here's the deal: In going through the PayPal process (which involved doing an "I forgot my email address" menu), we found the gmail address for the hijacker. The guy had tried to change her PayPal username to his own username (while keeping her payment information). When he did that, PayPal sent a confirmation email to her Hotmail account. She saw that email during the hour that she was able to log in on Monday. Okay, so, when she did the I-forgot-my-email-address thing, it redirected her to a web form that automatically had this dude's gmail address filled in.

So we have his gmail address. What do we do with it?

I can't seem to find a way to report him to Gmail. Their help site -- even for compromised accounts (which this isn't, really) -- is totally useful. There doesn't seem to be a way to report that he's using his gmail account for fraudulent purposes, and most certainly violating their TOS.

Any way to report him?

If not, I think I'm going to get everyone I know to spam the hell out of him.
posted by mudpuppie at 2:03 PM on January 9


The eBay account is not your girlfriend's, right? If so, this situation makes absolutely no sense. Someone hijacked her free Hotmail email account, just to use it to send fraudulent emails? They could just as easily have opened their own new Hotmail account to do the same thing.

It makes tons of sense. Putting people on the trail of someone else keeps them off your trail.

Check your credit rating as well for unknown purchases.
posted by Ironmouth at 2:58 PM on January 9


The PayPal rep told the gf that they already had his email address, but didn't indicate whether they were going to pursue it at all. I hope they at least search for his email address to see if anything else comes up.
posted by mudpuppie at 3:02 PM on January 9


Spamming the hell out of a Gmail account isn't actually going to affect the recipient, because Gmail's spam filters are very good indeed. It might improve the filters though. Here, spam the hell out of me: flabdablet@gmail.com
posted by flabdablet at 3:58 PM on January 9


Just today it appears a friend of mine had her yahoo account similarly compromised -- someone sent out emails to all the people in her address book. It's very strange -- she's investigating.

Good luck getting it all sorted out -- it's a shame things have gotten so creepy out here on the interwebs.
posted by amanda at 5:45 PM on January 9


Will you sic Olena on him? ;-P
posted by brujita at 10:55 PM on January 9


Um, brujita, already did. See Metachat.

Anyway -- I sent an email to his gmail address professing a false interest in the product he's tried to buy repeatedly. A response came almost immediately from a COMPLETELY DIFFERENT (i.e., bogus) hotmail account, asking me to provide paypal info.

HOW DO I NAIL THIS GUY???
posted by mudpuppie at 11:25 PM on January 9


Not sure. But MeFi sure is an excellent spam honeypot. My Gmail spam folder is now accumulating garbage at least five times as fast as it was two days ago.
posted by flabdablet at 12:20 AM on January 11

