Why it happens and what to do.
I just happened to check my emails and noticed that I had an email telling me that I had asked for my outlook.com account password to be reset. I had not done this, so I followed the link that confirmed that this was not me. About two minutes later, I received an email from Facebook stating that I had attempted to change my password and was this me? I immediately clicked on the link to report that it wasn’t the case. What I’m wondering is if there’s any way of finding out how this happened, who’s trying to change my password, and the location of who and what was behind this? I checked my session data in Facebook and there were no strange locations there, but then they had failed to log in, so I suppose there wouldn’t be. Is anything else of mine at risk? I’ve checked my bank statement tonight and I am a little worried.
To answer your question, no.
If no one has actually logged into your account, you can’t get the information that you’re looking for, at least not without a warrant. But I do want to talk about what may have happened in order for you to get that “password has been reset” email. I also want you to do something different in the future.
Unexpected reset attempts
Unexpected “password reset” emails can be caused by many things, ranging from honest mistakes to intentional hack attempts. You should ignore those you did not initiate yourself. A strong password, up-to-date recovery information, and two-factor authentication are the best way to keep your account secure. In any case, the information about who’s trying to change your password is not available.
Unexpected password resets
A password reset email means someone entered your ID into a login page and clicked the “I forgot my password” link or equivalent.
Alternately, the email could simply be spam.
So if you didn’t ask for a password reset, ignore the message. And that includes not doing one thing you did: do not click on links in the email, since the email might be fake.[1]
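As an added illustration (not code from the original article), this sketch parses a saved message and lists reasons to distrust its links. The `TRUSTED` set, the `example.com` domains and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains you already know the service uses (constructed values).
TRUSTED = {"example.com"}

# Constructed sample: a fake reset notice using a look-alike domain.
FAKE = """From: "Example Security" <security@example.com.account-verify.test>
Subject: Password reset requested
Content-Type: text/html

<p>Not you? <a href="https://example.com.account-verify.test/cancel">https://example.com/cancel</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_trusted(host, trusted=TRUSTED):
    """True only for a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def review_reset_email(raw, trusted=TRUSTED):
    """Return a list of reasons not to trust the links in this message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_host = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2]
    if not in_trusted(sender_host, trusted):
        findings.append(f"sender domain not trusted: {sender_host}")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_trusted(host, trusted):
            findings.append(f"link goes to untrusted host: {host}")
    return findings

if __name__ == "__main__":
    for finding in review_reset_email(FAKE):
        print(finding)
```

An empty result is not proof that a message is genuine, since the From header can be forged; it only means no obvious mismatch was found.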
Since you’re seeing this happen first on one account and then on another in fairly quick succession, it appears that someone is targeting your user ID. They’re trying to see if your security is lax and if they can break in. Perhaps they’re looking to see, for example, if you have weak, easy-to-guess answers to security questions.
Staying secure
Outlook.com and Facebook are doing the right thing by using the information already in your account — like your alternate email address or associated phone number — to send you a message needing you to confirm before they do anything. It’s that message that you’re seeing.
In theory, there’s no way randomly asking for password resets like this could actually allow hackers into your account. I say “in theory” because your security relies on both you and the service provider doing the right thing. What is “the right thing”? For you, that means:
- A strong password.
- Secret questions and answers nobody could ever guess. Fortunately, these are falling out of favor and being used less frequently.
- Making sure you have an alternate email address on record — one you always have access to.
- Setting up a mobile or other phone number to which text or perhaps voice messages can be sent.
- Providing whatever other kinds of backup information that service uses to help protect your account.
- Using two-factor authentication where it’s available.
Not only does having those things set up help prevent hackers from gaining access in the first place, it is also the basis for account recovery should you ever lose your account.
Finding out who
You and I aren’t able to get information about who might be trying to break into our accounts. There are a number of reasons for this, including protecting the privacy of an individual making an honest mistake. Perhaps it’s a typo that resulted in your email address when they honestly intended to enter their own. This happens to me often.
If your account is actually hacked, the information is still not available to us. If the situation is important enough to warrant law enforcement involvement, the service providers could make it available in response to a court order.
But a court order is probably the only way.
Footnotes & References
1: OK, if you’re savvy enough to feel very, very confident that the mail is legitimate, you may click the link. It’s what I do when I’m certain.
In a case when someone is trying to get into my accounts, I’d make sure I had a good long passphrase as these hackers might be able to guess a short one. Actually, I’d suggest everyone with a short or guessable password change it, as you never know when you might be the victim of a hacking attempt.
http://askleo.com/how_do_i_choose_a_good_password/
I don’t know what to do. I think my email has been hacked or phished. I don’t know if Hotmail is really Hotmail or not. I have seen my Hotmail account send email to myself {email address removed} to {email address removed} for drugs and Russian dating sites. How do I know who is real and who is not? How do I know whose links are the real links and not the hackers’? Please if you what should my IE internet options be set at for the safest possible. How do I if this is really your page and getting to you?
Thanks for your help!
Getting spam from yourself is actually somewhat common. More here: Why am I getting spam from myself?
If you believe your account has been hacked, I’d send you here: Email Hacked? 7 Things You Need to do NOW
I received an em saying someone else has my em address and I should change my em address…..is this Google sending this or a hacker? I recently have been getting a lot of junk mail too.
This article may help you with that question: https://askleo.com/phishing_how_to_know_it_when_you_see_it/
I know of many Yahoo and MSN users who have either closed their accounts or have just left them for some other more secure account because of this problem. I know that Yahoo and MSN are in the act of improving their security, and in fact Yahoo should have SSL by the 8th of Jan, they say? Expect problems when they do. Because of personal settings?
I don’t know if Microsoft has fixed the problem yet, but there was a problem with SSL and Outlook in Office?
These are all things that should have been done long ago, like Google did with Gmail.
I don’t know if my email was hacked, but somehow my facebook email address was changed to my gmail one, but my password is still the same. I can still log into my facebook account no matter what email address I use.
I would assume that you probably added your gmail address to your Facebook account as one of the alternate/recovery addresses.
These articles discuss that issue:
http://askleo.com/how_do_i_recover_my_facebook_log_in_password/
http://askleo.com/how-do-i-recover-my-hacked-facebook-account/
My Facebook hacked help me
We cannot recover hacked accounts, lost or forgotten passwords. Please see:
https://askleo.com/how_do_i_recover_my_facebook_log_in_password/ and/or
https://askleo.com/how-do-i-recover-my-hacked-facebook-account/
I recently logged into an old e-mail address I use occasionally, and found that someone had changed the password. After securing my account, I found out that they had been using it for months, and had even set up an Instagram account using my e-mail address. I thought about deleting the account, or doing something else to get back at them, but decided against it. A few days later, when I tried to log into the account, I found out that they had managed to change the password again. So I secured my account again, this time making sure it was more secure than before. This was in November, and after that I got busy with the holidays, so I didn’t bother checking the account again until today. And guess what? They had somehow gotten into it again. I don’t know how this was possible, as I had done everything I could to secure it – change the password, change the recovery e-mail address, etc. But this time I added a phone number, and made sure you needed a two-step process to log in: you’d need to get a verification code texted to you, and then you could sign in normally.
When I looked at the e-mails, I saw that someone had sent them an e-mail with some photos. And the e-mail address was very similar to mine (only different by one letter). And in the photos I recognized the person who had set up the Instagram account. She had also used her real name to go along with the e-mail account, so now I know her name and what she looks like. I was also able to locate her Facebook page, where I found her current city, birth city and birthdate.
So now that I have all this information, what should I do? Go to the police? I have my account back (for the time being), but who knows for how long, or what she will do again, to me or someone else.
This sounds very strange as email accounts shouldn’t be that easy to hack into, especially with 2 factor authentication. I’d make sure to check all of the recovery information, as it seems the only way she could have got in to the account would have been to add her own recovery info. Check to make sure that there aren’t any other email addresses or phone numbers that aren’t yours listed as a recovery method.
Since you have her contact info, you might want to warn her that you know who she is and tell her that you’ll go to the police if she doesn’t stop hacking into your account.
I had my yahoo, hotmail and gmail and youtube google accounts are hacked with 2 step authentication. I changed the password they will comeback and change the password. I don’t know the next step.
The only thing I can think of is if someone has access to your phone or second factor/recovery email. When you recover the account, make sure the second factor/recovery email hasn’t been changed. Change the password on your accounts, your second factor/recovery emails and your phone, and check that the recovery email addresses and phone numbers are yours on your second factor/recovery email accounts. In other words, change all of your passwords and don’t use the same password on more than one account.
I know of a person that wants or has gotten into my account. I have a name and phone number if that’s helpful.
Change your password and check all your recovery information. More in this article: https://askleo.com/email_hacked_7_things_you_need_to_do_now/
If someone is trying to hack into your account, you should probably report this to the police.
I do NOT have an Instagram account but i got a txt with a passcode in it and i want to know who is using my #
I expect to hear from this matter within 24 hrs or i will make other arrangements
Contacting law enforcement is the best thing you can do in a case like that. Only law enforcement officials can get access to the information you are looking for. Taking matters into your own hands can often backfire and get you into trouble.
I have My password to this boy I know on my instagram account and he tried to login and now my account is saying that there is suspicious activity in my acc and so idk what to do now.
Change your password and never ever give it to anyone else ever again.
hi,
cut the story short, i have a family member who was my security email, fell out and now this person keeps trying to get into my emails. i changed the security email to another and it says 30days till this changes over, changed my password and a few other things like postcode, details, in the mean time can this person still try get into my account if they click on forgot password and send the verification code to their email address can they still access my account. get into my emails.
i have someone gmail address and password what should i do that when i change his id password then after he will not able to change because the id is created with his number
If you change his password or even access his account, you are breaking the law and subject to criminal charges.
My account is getting locked continuously. Someone is deliberately giving wrong passwords just to lock my account…..What should I do in this case?
Nothing I can think of, other than creating a new account.
i have my account but any one change my account password or recovery number or email address and password or i didn’t know how to get it back
plz help me
We cannot recover hacked accounts, lost or forgotten passwords. Please see this article for more information on your options:
http://ask-leo.com/would_you_please_recover_my_password_my_account_has_been_hacked_or_ive_forgotten_it.html
If this is a Hotmail, MSN.com, Live.com or Outlook.com account, then this article discusses recovery options for the various ways that these accounts can be lost or compromised: http://askleo.com/what_are_my_lost_hotmail_account_and_password_recovery_options/
If this is a Facebook account then please see: http://askleo.com/how_do_i_recover_my_facebook_log_in_password/ and/or http://askleo.com/how-do-i-recover-my-hacked-facebook-account/
How can I know the person who is behind my fake Facebook account?
Unfortunately, there’s no way to find out.
if you get an email from facebook telling you someone tried to log into your account, do not click on anything and report it to phish@fb.com matter of fact, just about any reputable company has an email address to report suspicious emails to. all one has to do is type in the address bar report scam emails to (company name).
I’m not convinced that “any reputable company” has such a mechanism, and even for those that do whether it does any good at all. Facebook’s was established in 2012, and I can’t say it’s helped.
i often report scam emails to FB and other sites. it doesn’t stop them completely but they are gone for a few weeks. the more people that report them will force the sites to take action.
just deleting them allows them to continue to scam the more gullible. if it doesn’t help, i’ve done no harm. and it only takes a few seconds to report it.
Reporting spam and scams to Facebook works. Other services don’t respond as well.
true, they don’t always work.
Over the last 4-6 weeks, I’ve been facing attacks using my primary email account on many of my accounts. In two cases after repeated attempts of using a ‘reset my password’ link, they were actually able to change my password. In one of those two cases, they used that password to change the email on the account, so I no longer have access to it. (I’m still working to get that account back under control.) In the meantime, I’ve been working to get all of my accounts changed to use other email addresses to try and stop the constant attacks.
Be sure to enable two-factor authentication on every service that offers it.
Another way of telling if an email is spam or not is to simply place your cursor over the sender’s name and see what shows up. I get a lot of the ones that say that someone tried to log into my Bank Of America account or my Amazon account and that I should click on this link to correct it. NEVER click the link. When I put my cursor over their name it will often show up a long address and sometimes end in a weird set of letters like .eu or something like that. I don’t open them since I don’t have either account but it is nice to see where they are coming from.