Helping people with computers... one answer at a time.
Getting unsolicited password reset requests for your Hotmail account could be someone trying to hack you, or it could just be a phishing attack.
I continually get emails from Hotmail saying I have requested for my password to be reset, and I most definitely have not requested this. I have had the same password for years (probably not a good idea) but could these repeated emails from Hotmail be a sign that someone is hacking into my account?
Yes, while it's definitely not a good thing to leave your password unchanged for years at a time, I also know that changing it often is a pain. I'm as guilty as you are when it comes to my Hotmail account.
Unsolicited password requests aren't a good thing. The question is just how bad a thing are they? The answer varies.
My initial reaction is that I think I smell phishing. I'm not sure that I'd expect a directed attack against you, but rather a general phishing attack trying to get people to mistakenly give up their Hotmail passwords.
My guess is it that works like this: the reset mail doesn't come from Hotmail at all. it comes from a phisher who makes it look like it came from Hotmail. If you click on the link(s) embedded in the mail, then you'll go to the phisher's site, not Hotmail. If the phisher has done his job well, the site will look like Hotmail, but it won't be Hotmail.
And I'm guessing once you get there it'll ask you for your account name and old password "for verification". If you give that information up, then your account is probably about to be hacked.
Interestingly enough there are services that supposedly will get you anyone's Hotmail password and I believe this is exactly how some of them operate. But that's a directed attack - meaning it's not a broad spamming of all Hotmail users, but someone using this service to get your password.
It's also possible someone's doing it manually - trying to request a password reset by hitting the "forgot my password" links when logging into Hotmail. They could be doing it on purpose, of course, and trying to get your specific password.
Or it could be a big mistake.
Sadly, I've noticed that many people are unable to get their own email address correct when filling out a form. That's one reason you often see that annoying "fill in your address twice" to make sure that you can do so, twice. I've also seen many users actually forget their email addresses.
Regardless, someone could simply be innocently looking to gain access to their own account but mistakenly typing in your email address instead of their own.
The bottom line is that you should ignore and delete any requests that you didn't initiate. As long as you can continue to login to your Hotmail account, then you should be fine.
You might consider changing your password, though.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.