Helping people with computers... one answer at a time.

If hackers or spammers gain access to or spoof the account of a deceased individual it can be very difficult to regain control or close the account.

I have recently received what I suspect are phishing or spam attempts from my son's hotmail account. He died just over two years ago. Several of his friends have also recently received messages from his account. How can I close the hotmail account (I can't find any direct contact info available without having a hotmail account) and will it likely have an impact on the bogus messages? I have tried blocking his address, but have received a message since then.

First, let me express my condolences for your loss.

Let me also assure you that you are not alone - I get a surprising number of requests along almost these exact lines: a family member has passed away, and yet email continues to be received from the deceased's account.

I can't print the words that I would use to describe the individuals who are responsible for this.

And, unfortunately, the practical outlook for this situation actually isn't very good. I'll review a few things to try, though.

As you might expect all service providers - be it email, web, free or paid - have to make it very difficult to close an account that does not belong to you. If it were easy then malicious people from scammers to neighborhood bullies would be closing accounts right and left for any number of reasons.

"I paint a very bleak picture because - well, it's a very bleak situation."

It gets even more complicated when the account has been hacked. All "normal" techniques used to prove ownership - for example confirmation email sent to the account - fail in this case. The hacker has enough access to prove, maliciously, that he "owns" the account when he does not.

It gets more complicated still when we're talking about free services like Hotmail. These services have little to no customer service options for you to contact, and if they do they are often minimal at best. No amount of "peer support" in a discussion forum is going to help in a case like this. And since it's free, there was never any credit card or other payment method associated with the service that could also be used to trigger it being discontinued.

In your case, I have to throw out one more unfortunate fact: two years is a long, long time as these things go.

I paint a very bleak picture because - well, it's a very bleak situation.

I honestly don't think we're going to be able to close the account.

Here, then, is what I would try:

  • Create a Windows Live account of your own. Unfortunately, this does appear to be necessary to access any of the Windows Live support services.

  • Visit the Windows Live Help site, and in the Hotmail forums, in what is currently labeled as the "Sign in, Sign up, and Account Security" subsection, post a message describing your problem. Do not provide the account information of your son's account. Wait for contact from a Windows Live representative.

  • If you are contacted, proceed as instructed by the representative.

Now, here's the problem: I personally don't have a lot of faith in the representative contacting you, or ultimately being able to help. They may. I could be wrong and I hope I am, but I do hear a fairly steady stream of failures and only the occasional success story.

But I'd certainly give it a try.

Here's the other problem: even if you are successful, two things may happen:

  • The email may continue, because it wasn't being sent from the account. So called "From spoofing" - sending email with forged From addresses - is rampant in spam. Closing the account would actually have no effect. In fact, there is no way currently to do anything about From spoofing.

  • After some period of time the account email address will be made available as being "unused", and a new account could be created using it. The address book in that account will, of course, be empty, but the email address will once again be valid, and belong to someone else.

My advice to you and your family members is first to simply realize that these are bogus and difficult to stop. The easiest, of course, is simply to ignore and delete them, though I realize that in cases like this that can be quite the emotional burden.

The only real alternative is for each recipient to investigate all options to block email that comes from that email address. Those options include setting up filtering rules in your email program to automatically delete email from that address, marking it as spam, as well as investigating with your email service provide or ISP any blocking options that they might have available. With today's spam situation many, if not most, ISPs have some way of blocking email from known bogus addresses.

All in all it's a fair amount of work at a time when I know this isn't something you need or want to deal with, and for that I am sorry. It simply shouldn't have to be this way.

Article C4266 - April 9, 2010 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

5 Comments
Dan
April 9, 2010 3:34 PM

Two other potential solutions:

1. Report the spam/phishing to Hotmail's abuse address. (Typically, this is an address like abuse@hotmail.com.) Hotmail has an incentive to shutter accounts sending spam, to avoid getting added to blacklists. Encourage others to report the spam/phishing, too -- more reports make it more likely that action will be taken.

2. Send a letter describing the situation, with a copy of the death certificate, to Microsoft's general counsel. This wouldn't force the company to shutter the account, but it may get that result. Lawyers think conservatively, and any in-house lawyer would think about how foolish he'd look if this situation came to public light or if some other bad result happened after he had received a specific notification about it.

Mike W.
April 10, 2010 9:56 PM

It may be that the only true effective method of preventing these things is just that--PREVENTION. I'm particularly thinking that if a person "escrowed" their userIDs and passwords with a trusted friend or relative, any such accounts could be accessed by the trustee and appropriately shut down.
Of course, that requires thinking ahead, something most people have a tendency not to do, esp. involving matters concerning death. :-(

Robert George Douglas
April 14, 2010 2:28 AM

Dear Leo,
I have a similar problem with my (living) niece so if I was (somehow) able to get 'her (compromised) account' closed down would she then be unable to use her actual (true) hotmail account in the normal way ?
Many thanks;
Robert George Douglas

If I understand you correctly, the answer is no: each account (i.e. each separate email address used to login to the account) represents a different account unrelated to any other. Jus tmake sure you close down the correct account.
Leo
17-Apr-2010
Susan
April 14, 2010 7:51 PM

I had a similar concern. An on line friend died and two weeks later her screen name poppped up on my buddy list. I found out later that she shared her account with a friend but it got me thinking ~ so when a real time friend died I arranged to keep that email address as active but have it set to no mail in or out.

April
March 1, 2011 8:06 AM

I just came across this great resource (ebook) about this topic. I covers not just hotmail, but many of the other online accounts that people now have and some of the implications of doing nothing. I had a loved one die recently and he was very active online and I am finding this book very helpful in getting through this sad time. You can find it at www.profileguardian.com.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.