Helping people with computers... one answer at a time.
We'll use one person's situation as a lesson in what not to do, and turn that around into a some steps and advice to keep your account and stay safe.
Dear Mr. Mrs.
To home is my concern from couple months ago some one has my e mail address stolen and I dont know haw I can report for this till some one till me about this web Sid and my email address was ******@hotmail.com and my password is 123456 please give me an answer as soon as you can you can call me ###-###-####
Thank you
Email owner
(name redacted)
•
With the exception of the obviously removed information, this is a question exactly as I recently received it, sent to my personal email address.
Now, set aside the fact that this email is clearly written by a non-English speaker; that's very common, as the site is visited by people from all over the planet.
There are several very serious problems with this email that I want to make sure you never, ever duplicate.
Can you see them? One of them is absolutely frightening.
•
First, let me give the answer I gave to the questioner:
You can try the instructions on Windows Live Hotmail's What to do if you think your account has been stolen page.
Now, I'm not hopeful, and you'll see why in a moment, but it's worth a shot.
What's wrong with this scenario? Let me count the ways.
-
I did not obfuscate the password above. This persons actual password was "123456". My first reaction? No wonder your account was stolen. This is absolutely frightening.
-
A couple of months? Perhaps within the first few days of a theft you stand a chance, but after weeks, or months my belief is that things are pretty hopeless.
-
She gave her password to a total stranger. Yes, that stranger was me, but she doesn't know me, and has no clue on how trustworthy I may or may not be. She contacted me using a different Hotmail account, but given her abysmal choice of password for the first account there's a very high likelihood that she kept using the same password for the new account, or one just as easy to crack.
-
She gave her phone number to a total stranger. Once again, me, but still it's clear that even after having her account stolen privacy and security lessons have not yet been made apparent. (And no, I'm not calling her - that's just not something I do.)
So, after all the fault finding I've just indulged in, what can you learn from this exercise? How can you stay secure?
Let's just turn each of my concerns around:
-
Use a strong password. Always. No excuses. Keep it safe, and share it with no one.
-
Act quickly if you suspect that your account has been compromised. Use the resources available to act on your situation as quickly as possible. Hotmail users have http://windowslivehelp.com/ specifically for Hotmail support and discussion.
-
Keep your private information private. Don't go throwing your phone number and most certainly not your password to just anyone in the hopes of getting help. There are too many people out there who will abuse your trust and cause you more trouble.
I honestly don't mean to make fun of or shame the person with the original problem - in fact, I responded to her well prior to posting this article, not expecting her ever to return to my site anyway. My hope is that by pointing out the deep flaws in her approach to passwords and privacy that some of you who might see even vague similarities with your own approach will rethink your situation, and take steps to keep yourself more secure.
Sadly, the other thing that's frightening about this scenario is simply how common it is.
Article C3687 - March 28, 2009 « »
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
March 31, 2009 4:10 PM
I would like to suggest having 1 or more email addresses from another provider. When I went to reinstall my ISP I forgot my password, and found that the one I wrote down was an older one. Fortunately I gave my provider an alternate email and was able to get the password, and change it. By the way I was discussing the Conficker with friends and was appalled to find out they did not update their windows, and she just made files and dumped unopened mail into them. Sigh.
April 1, 2009 5:57 AM
To keep up with passwords, account information, etc, I suggest an application like Password Safe (passwordsafe.sourceforge.net). I can store Usernames, Passwords, and any other information about that site (challenge/response) in one place. I only have to remember 1 password to open the database, and then I have access to all my account information.
Good suggestion about 'flower/cat' - I'll start using that!
April 3, 2009 6:12 PM
Love the "flower/cat suggestion. Whats the procedure on applying "Password Safe"? Now that is a very, very good idea, especially for me as I have trouble remembering what happened yesterday.
April 6, 2009 9:53 PM
I have found that a few sites will allow a space in the middle of your pasword. Combining this with my (German) grandparents last name, a space for a missing letter and close with a number.
June 2, 2010 11:37 AM
my account was stolen. Whom ever did this, sent bogus emails to my contacts trying to scam money?I am worried about the information in my emails. Could these people use that information? I am able to report this to authorities? Who?
05-Jun-2010