Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Someone's stolen my email account and is scamming my contacts for money, what do I do?

Question:

My email address has been compromised and someone is sending bogus pleas for
help and requests for money to everyone in my address book. What should I
do?

I’m seeing this a lot lately. Scammers manage to gain access to someone’s
email account and then make up wild stories – usually something about your
having taken a sudden trip overseas, and now in some kind of position that you
desperately need your friends to wire you money.

Of course you’re not overseas, and you’re not asking anyone for money.

Your email account has been compromised, and I’m not sure that there’s much
you can do.

But we’ll try.

]]>
<![CDATA[

Become a Patron of Ask Leo! and go ad-free!

If you can still log in to the account, you should
immediately change your password and change or remove all
personal information. As I wrote in Is changing my
password enough?
it’s not enough to change just your password – you need to
change any and all information that a scammer could use to reset your password
and regain access to your account.

“The problem is that most of the accounts that are being
hijacked like this are free accounts with little or no customer service.

If you cannot log in to the account, your options are much more
limited.

You should immediately contact your email service provider. Now, on the
surface that sounds both simple and like it should be a quick remedy. And if
your email is being provided by your ISP or someone else with real phone
support, it may be.

The problem is that most of the accounts that are being hijacked like this
are free accounts with little or no customer service. Hotmail and Yahoo
accounts are the most frequently compromised, and coincidentally both offer no
telephone-based support. You must first access their on-line support system
(perhaps having to create a new account on their system to do so), and submit
your problem via a web form, email or in a support forum.

All that takes time. Response will not be quick, if at all.

This is the “price” of free email accounts.

In a case like this I would:

  • create a new email account – ideally with a service that has real
    support
  • send a message to all your contacts(*) that your old email account has been
    compromised and that they should ignore and delete all further email from that
    account.
  • use the new email address from now on
  • take all the appropriate precautions that it not be stolen
  • if you like, you can continue to attempt to recover the old email account –
    perhaps for some peace of mind – but you should probably assume that those
    attempts will fail.

(*) “but my contacts were on the stolen account” – exactly. If you haven’t
been backing up your address book in some way, or don’t have some kind of a
duplicate copy, then the best you can hope for is to rely on your memory. This
is one of the reasons I mention backing up in the “lessons learned” below.

That’s about as far as we can go with most email services. If you can’t get
help from the service, you’re pretty much out of luck. Your account is
likely to remain compromised. Tell your friends.

It’s important to make sure we also learn from the experience. Account
compromise can be mostly avoided or it impacts minimized if you follow a few
common sense guidelines:

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

16 comments on “Someone&apos;s stolen my email account and is scamming my contacts for money, what do I do?”

  1. I had a similar thing happen to my yahoo account. Friends wrote me saying they received a Viagra ad from me. I also got several mailer daemon messages about undeliverable emails. I assume this must have happened by someone hacking into the yahoo account as a bot on my computer probably wouldn’t be able to send out SMTP mail on a web account. I also checked my computer for rootkits, spyware and viruses ant it came up clean. I changed my yahoo psw and security questions. Has anyone heard of this kind of thing happening?

    Reply
  2. One of the thing that spammers do is spoof your email address in the sender field so when someone receives an email it looks like it came from you but in reality it did not. We see this all the time where I work. We even get emails that appear to come from our domain but have a non-existant name on the email address. There really isn’t much you can do in cases like this. Spammers send out millions and millions of emails to random addresses. Some get to real people some just go into cyberspace.

    Reply
  3. Hi Leo

    This is a trivial comment, but it’s not often we can catch you making an error like this one. You wrote “if you like, you can continue to attempt to recover the old email account – perhaps for some piece of mind – “. Which piece do you suggest, frontal lobe?

    Seriously, though, keep up the good work. I recently got a request for such aid from a person I barely know, but in this case it was so plausible I really started to believe it. Fortunately, he contacted me to explain the problem before I had time to feel too guilty about ignoring that mail. I hope none of his friends got taken in by this. Thanks for helping raise awareness of this problem.

    Reply
  4. A dear friend of mine had a similar problem recently with a Hotmail account and was unable to get any help from so-called “customer support”. As has been correctly said above, it’s the price paid for a free e-mail account.

    Reply
  5. I feel if you’re account has been compromised and you decide to change the password, you must also look deeper into your profile settings and see if any FORWARDING is being done. Gmail, for example has an option to forward any account activity on to another account. If the hacker is really using your account, they’ll probably put a forward address in that setting if it’s available. Therefore, the password you just changed has been forwarded on to the account that’s in this forward setting.

    Absolutely. I address that in this article: Is changing my password enough?. (Hint: no.)

    Leo
    14-May-2010

    Reply
  6. I received such an email with a tale of woe and asking for money supposedly from a dear friend on a trip to London UK. I wrote back asking for an address to where I should send the money and back it came. Meanwhile I had phoned my friend and found she had not left Canada. I then located the Brit fraud squad address and sent them copies of the emails and the mailing address the con artist had sent to me. I did not get any response from the British bobbies so I don’t know what the outcome was.I picked up the ruse because of the wording in the fake email – it did not sound like my friend’s writing. So the outcome was OK for me.I don’t know if anyone else got stung by this scammeer

    Reply
  7. A couple of other variants that I’ve seen happen:

    1) Intruder changes the password, then changes alternate contact address to something he controls. Thus, if the service does a password reset by sending email to the alternate address, then the message gets sent to the intruder and not to the owner of the account.

    2) Intruder sets an auto-response message, where all inbound messages sent to the victim’s account get another spam message.

    Point #1 is why this article exsits: Is changing my password enough? (Short answer: no.)

    Leo
    24-Oct-2010

    Reply
  8. I am presently trying to deal with the Hotmail people with regards to our hotmail account being compromised. Our account has been scammed to our contacts with the message of my husband being held up in Spain, requesting 2500 Euros, please send money to satisfy the hotel bill. I am presently feeling that the scammer has got more rights than me as I am having one hec of a time trying to regain access to close it down. I need to gain access to close it but they will not give me access until I validate all the information which I am not 100% sure of and can only go my memory. What a nightmare! A lesson well learned. I would never rely on any free accounts for business. I have presently set up a new account to communicate with them. Yes, I have a thread going back and forth with them but the confidence is just not there that I will get my problem resolved.

    Reply
  9. Call up your friends and tell them the situation and they should email all their contacts. It’s probably that you both have many contacts in common.

    Do the same on you social network accounts.

    Reply
  10. Yes, my email was hacked in, and I can’t get in any more, password is changed and recovery email address is not available either. They are sending an email to ALL my contacts, asking for $3,500 since I was “robbed in Scotland”. We even got their info, a phone number and a probably fake address in Glasgow, instructing to send the cash by Western Union and letting them know the transaction number. Anyone who can catch them in Scotland?

    Reply
  11. Someone’s stolen my email account and sending mails to my contacts asking for money, What I do to change my Hotmal ID and password. Is it ossible to get back all the existing mails to my new ID.

    You cannot change your ID. A different ID is a different and completely new Hotmail account. I also don’t know of a way to move emails between Hotmail accounts.

    Leo
    17-May-2011

    Reply
  12. Everything you said above has happened to me, I am so upset. I am in a wheelchair and depend on my computer so much.
    {email address removed}

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.