Someone has stolen my Windows Live / MSN Hotmail Account and is scamming my contacts. What can I do?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » EMail » EMail Providers » Windows Live Hotmail

Summary: Scammers are stealing email accounts and trying to convince your contacts that you're in trouble and need money. I'll look at your options for Hotmail.

Someone, somehow get into my MSN Hotmail accounts (I have 2) and changed my passwords and all the security info, blocking me completely out. Then all the contacts I have in both accounts are being sent scam letters saying it's me and to send $2300 to Lagos, Nigeria. What bothers me the most is having my name used for scamming.

I've tried to contact Hotmail, letting them know what has happened and asking if there is anything that can be done about stopping them and closing the accounts.

Do you have an email address, or phone number, any way to contact them or who to contact. It's so confusing because its MSN, Hotmail, Hotmail MSN.

•

Actually, it's even more confusing since it started as Hotmail, then MSN Hotmail, and now Windows Live Hotmail.

Unfortunately, your story isn't all that uncommon. It seems to be the latest fad among scammers: steal someone's account and then impersonate them to their contacts - make up a fake emergency and hope that some of your friends will help "you" out by sending them money.

Also unfortunately, I'm not at all hopeful there's much that can be done.

•

Microsoft recently created the Windows Live Help Solutions Center, which is an online resource for resolving Hotmail related issues.

Perhaps the most telling statement from that site is this:

"[Microsoft does not] offer any direct phone or email support for Windows Live Hotmail."

Q: I don't want to use the Solution Center? How do I contact someone at Microsoft directly?

We don't offer any direct phone or email support for Windows Live Hotmail. Our moderators and ambassadors are always available so posting through the WLHSC is your best way to contact us directly.

(Emphasis mine.)

So there is no one to contact. Period.

Now, the solutions center does include this article: What to do if you think your account has been stolen. If you read through that article you'll see that they have several semi-automated ways of recovering or validating the account. I have no idea whether or not these techniques will work in every case, but they're most definitely the place to start.

Personally, in your case I would:

create a new account (perhaps on a paid, or different free email system)
email all your contacts that what they're seeing is a scam and that they should ignore any and all email from your old email address
start using the new email address
take care that it not be stolen
try to recover the old one, with the expectation that those attempts will fail

I have to conclude by emphasizing some lessons that we all need to be reminded of from the fact that this is so common:

Use a strong password.
Take care to protect that password.
Never, ever, rely on a free email account as the only place to keep important emails and contacts.
Backup. Backup. Backup.

Best of luck.

Related:

Are free email services worth it? Free email services and accounts are convenient and ubiquitous. But free email services aren't the right place to keep your important information.
Internet Safety: How do I keep my computer safe on the internet? Internet Safety is difficult and yet critical. Here are the seven key steps to internet safety - steps to keep your computer safe on the internet.
What are Windows Live Hotmail's POP3 and SMTP settings? Microsoft recently, finally, enabled POP3 and SMTP access to Hotmail accounts. I'll walk you through the settings.

Article C3676 - March 15, 2009

Recent Comments

13 Comments

See BBC television last Saturday where the programme Click acquired control of 22,000 home computers as part of an investigation into hi-tech crime. You can see the programme at:

http://news.bbc.co.uk/1/hi/programmes/click_online/

Posted by: Ron B at March 17, 2009 8:57 AM

Another way is to have an email that you can use for new stuff or sites that you are not confident about. Create a deliberate email that is easy to password change so that you can lay a trail also in the format of that email is to put a macro trace to enable you to get back at the scoundrals/crooks that enjoy creating misery.
I have successfully created a way for some of these people being caught, therefore trying to fight back and having the joy of seeing a few of them suffering justice.

Posted by: Prof. Brian Bevan at March 17, 2009 9:16 AM

All I can say is to quote my late mother, "You get what you pay for" and another quote, "there is no such a thing as a free lunch." In other words, the "free" e-mail accounts are to be avoided as they can be subject to hacking. The best way to avoid this is to subscribe to a pay-by-the-month e-mail service that has a regular customer service number where you can talk to a live human being.

Posted by: Mary Minshall at March 17, 2009 11:54 AM

Similar experience w/Yahoo when my email account was "hijacked" back in December 2008. Scammers sent bogus emails, ostensibly from me, to my Yahoo contact list (including the senior senator from my state, my state attorney generals consumer affairs division, and the FCC complaint email address). The typical sad, emergency, stranded in Paris, send $2,500 immediately ... etcetera.

I did all the things you suggest Leo (and a couple more) and provided a full and technically detailed report to Yahoo Abuse. Yahoo's response was the typical - and decidedly unhelpful - "canned" response all the services use.

My main concern was that this appeared to be an instance of either Yahoo being "hacked" or someone at Yahoo selling info on the spam/scam market (Hey ... it's been known to happen disturbingly often!).

In essense - I took care of it myself.

One additional suggestion to offer to others using the free and convenient "throw away" email services:

I have removed my "contact list/address book" from all of my free email accounts. It takes but a second and a couple clicks to cut & paste an email address from my regular email app into the free email "To" field. It's a bit less convenient ... but it does eliminate the hijackers having any access to your contact email lists.

Posted by: Frank Lee Doobyus at March 17, 2009 4:02 PM

I haven't had this happen to me (yet?), but the first thing I'd do is let my contacts (and my e-mail service) know what happened. I use my ISP's e-mail, PeoplePC DSL, and it's been ok up to now, but mainly I use two Gmail accounts (one for my PC repair business and one for just the usual stuff like newsletters, subscriptions, etc. So far Google's (Gmail) been very reliable and you have up to 7 GB of free storage on each account. My concern is if this is happening so often and with so many different e-mail services, is it possible that the root cause is virus and/or spyware related. Are they stealing these passwords, etc., from the e-mail services or using just getting them straight from the victims' computers using keyloggers, hacktools, etc. My point here is that the first line of defense may be your own computer's anti-virus and anti-spyware. A simple way of adding protection to your address book would be to add a digit to each address that only you know about and then can delete before you use it. Example: myfriendmike3@aol.com. The '3' would be removed before you use the address leaving the real address myfriendmike@aol.com. Only you would know this and the stored addresses would be completely useless to anyone else who accessed them.

Posted by: Dave Markley at March 18, 2009 9:03 AM

I notice I've recently been getting emails saying "reset your Windows Live password" - and a link that actually looks pretty good. But since I've not requested a link to do so, I've not used it, since I regarded them as suspicious.

I'm guessing if people do get such a mail and then click the link their mail details are then captured and voila!

Posted by: Riff Devin at March 19, 2009 4:35 AM

There is a solution if a hacker has hacked someone's Live Hotmail account. Go to about.com and check for Windows Live ID validation page. Fill in the details and when Microsoft compares the information given by you with the information in your account, they will certainly send a link to reset your password which is valid only for a day. So resetting the password has to be done faster without wasting time.

Posted by: Jerin at March 21, 2009 2:06 AM

Someone has stolen my hotmail account and sending my contacts a email requesting money to get home from England

Posted by: kathi knight at April 9, 2009 11:55 AM

funny i have had nothing but problems before the new year, have had false changes, witout my conscent, i hope the security gets better, also web services knowing of my health exactly withut me really sharing with it...interesting...

Posted by: rick at May 28, 2009 4:01 AM

well it all happened to me and my daughter
he deleted both our accounts so we both called the police then they said they will talk to messenger !! ( you can do that )

next time a man addes you with a msn addy like
[email address removed]
dont add him

Posted by: jyotika at June 7, 2009 2:01 PM

See all 13 comments...

Post a comment on "Someone has stolen my Windows Live / MSN Hotmail Account and is scamming my contacts. What can I do?":

Name: (Required) Email Address: (Required) (Email Address will not be published.) Remember Me? YesNo	By popular demand... my tip jar Buy Leo a Latte!
Comments: (you may use HTML tags for style)	Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure