My husband’s Hotmail contact list has been hacked and a phishing
paragraph was sent to them. Now it appears whenever he tries to forward
an email. How do we get rid of it?
It’s unusual that only the contacts would have been hacked into, and
it’s more likely your entire Windows Live Hotmail account has been
compromised.
Frankly, I’m surprised you still have access.
But, given that you do, there are several steps you should take
immediately, to recover from the damage that’s been caused. One of
those steps should take care of the phishing paragraph that’s showing
up.
]]>
I’m going to assume you’re using Windows Live Hotmail’s web-based interface. In fact, many of the steps we’ll take will need to be taken there.
The very first thing you should do is very simple: Change Your Password. This is so important, I’d go so far as to say do it now; before even reading the rest of this article. It’s the first step to slowing down (though perhaps not preventing) the hacker from continuing to access your compromised account.
There are now several things you must change to regain total control of your account.
Start by clicking on the Options item in the far right of the Windows Live Hotmail display:
In the drop down menu that appears, click on More options.
On the resulting “Manage Your Account” page, click on View and edit your personal information. That will take you to a page much like this:
The short version is that while your hacker had access to your account, they had access to everything here. If they didn’t change it, they likely could have seen important information that you might care about.
Change it.
For everything that makes sense, change it.
-
Change your password: as I mentioned above, to prevent the hacker from accessing your account.
-
Change your security question: to prevent the hacker from having changed it and using it for a password reset after you change your password.
-
Change your alternate e-mail address: to prevent the hacker from requesting a password reset to an account that he may have changed this to.
-
Change your mobile PIN, or remove your mobile number completely.
-
In billing options, consider removing or changing the payment method listed, and be sure to keep an eye on that credit card’s statements in the future.
Also review the Additional options at the bottom of this page, making sure that the hacker didn’t change permissions, marketing preferences, or anything else relating to your account.
That’s the high priority stuff, but there are still plenty of things that need to be looked at.
Return to the “Manage Your Account” page. You’ll want to double check almost every option listed on this page, as the hacker may have altered it while he had control of your account.
In particular, I’m guessing that you want to take a look at the “Personal e-mail signature” settings.
As the text of the feature states, the text in your signature is “added to the bottom of each e-mail message you send”. I’m guessing that your hacker added his own personal message here, and that it’s being automatically added to every message you send. Remove it.
In reality, if your hacker has been thorough there’s a lot of damage they can do, and it can be a lot of work to re-construct your account. Remember that your Hotmail account is really your account for all Windows Live services, including Messenger, Spaces, Groups and who knows what else. While they had access to your account, they had access to all of that. And that means that they had access to any and all options relating to those other services in addition to Windows Live Hotmail.
It simply goes to underscore the importance of keeping your account safe, choosing a strong password, keeping it secure, and in general keeping your computer safe on the internet.
Prevention is so much easier than trying to clean up the mess after a problem.
The exact same thing happened to my Hotmail account a couple of days ago. A phishing email was sent out to my contacts. I immediately checked the Hotmail inbox and saw some returned messages that were sent out to invalid addresses. All of my contacts were erased and the phishing email had become my vacation response.
Everything else looked OK in the account, but I did everything that Leo recommended. I stopped regularly using this Hotmail account many years ago because of the huge volume of spam.
I’m involved with IM and on mmore than one occasion I’ve been asked for my password to my hotmail/live account presumably to email their message/offer. I have always declined even though I do trust the people involved but it brings the question to mind if they can email my whole contact list how do I mail that way, without having the insanely long “mailed to” list which looks and will set off the spam police?
I had my email hacked into and cant get into my email, they changed my question, my friends got emails from my email asking for money
14-Jan-2010
My hotmail account has been compromised. I cannot log in nor can I get any help from the hotmail people. Is it possible to reinstate my hotmail account or have I lost all of the contact info etc. forever? Please help. You seem to be the go to person for all problems. thnx.
08-Apr-2010
Leo
Great radio show by the way.
I have been suspecting for some time about my Win Live mail being compromised. Last week I received an E-M from a friend in Cancun, Mex warning me to be cautious with my messaging & e-mails; He said that He could see my conversations and E-Mls. Am I doomed? Do I continue using MSN / Win Live site?
What’s at risk? What did actually happened?
Did my friend compromised his account & in return He was thrown a “hook” from a hacker, hoping he would grab it?
12-Apr-2010
Just happened to me. Thanks for the article I have done everything you suggested.I guess I always knew the password was weak but didn’t do anything, now it is strong and I will change it frequently.
I have been turning in circles since my hotmail was hacked I have applied your suggestions and will wait for further outcome. THANKS can’t be said any better.
Can’t get into hotmail account. It has been taken over, tried to contact hotmail to obtain person to return my email account. I think person has changed all my information since I’m not receiving message from my alternate account. Need help on next step.
please inform how i can recover my send emails i didn’t delete my self. so please help how i can get back i need all. waiting for your reply
how i can recover all my send emails in windows live so please help me in this issue i need all mails back in same folder so please inform me, this emails i didn’t delete my self i think some one hack this account i change my password, so please help in this matter kind regards.
I heard that this had to do with a breach in Facebook. It’s happened to some other folks I know. Your contact list is used to distribute e-mails about on-line pharmacies.
cant recover/get into my hotmail emails – wont let me change password etc and just keeps coming up with Error 999 – no help from windows live etc – just dont know what to do, so extremely upset and annoyed
Yesterday my account sent out a spam mail for some laptop.I myself never open links from that type of mail let alone send it. Today I was on for a lil bit then when I went back I could no longer get in.It was saying wrong password ugh. I want it back!
Hotmail account was hacked and everyone in my contact folder has received an email about how I’m overseas, flat broke and to please send money. I no longer have access to my Hotmail account as the hacker has changed the password. I’ve initiated the account validation/password recovery process but how will I know if and when problem is resolved. Should I just consider this email account toast and get on with my life?
28-Aug-2010
I just went through the whole email password recovery thing with Hotmail and thought I was out of the woods. But the hacker address keeps coming back in and force forwarding my email. Have deleted it twice but still comes back. What can I do?
24-Oct-2010
Hello Leo. Thank the lord for saints like you to help the less computer able muppets like myself out there.
I too think i have had my Hotmail compromised; lots of undeliverable messages in my inbox made me check my sent messages and shortened links to sites selling viagra were sent to all in my contact list along with other contacts that are not in my list.
I have now changed all the details outlined by yourself and are now waiting to see if this has rectified the problem.
Is there anyway the Hotmail staff can help with this issue? I know alot of it comes down to regularly changing your passwords which many of us don’t do quite as often as we should, but i am sure that Hotmail could see who is hacking its users and more than likely can see how they are doing it and therefore advise us of counter measures in response. The very least they should do is alert us to the problem. As far as i can see it is only a problem suffered by Hotmail users. It may be free but would you pay for it???
05-Nov-2010
My email account has just been hacked and some friends have been sent spam emails from “me.” I’ve followed all your advice above, but I’m worried that the hacker will now have access to all my online memberships to things like online shopping sites and supermarket accounts etc because I’ve used the same password for everything. Do I need to change my password for all my other accounts as well (like facebook, amazon etc)?
Thanks
14-Nov-2010
My hotmail account was hacked today. They have changed my password and secret question so I cant get in and change anything. They sent an email to all of my contacts asking if they could send 500$. I responded to them from a different email account and they have given me details of a person to send money to via western union funds transfer so I am off to the police to see if they can do anything but they didn’t help me so can you please do some thing for me. I have alots of emails from him or her that send me to my gmail account and I can send you as a prove if you needed for making sure that is my email account and please do some thing for me.
17-Nov-2010
Strikes me that either Hotmail is an unusually easy system to hack, or, more likely, it hasn’t been hacked at all, but that these sufferers have managed to acquire one of the multitude of viruses that spread through email and address books. If nothing other than reports of spurious ads seems to have happened, then I am more suspicious that this is in fact an infection, not a hack. That reports of this kind are becoming so prevalent is one reason I will never rely on a purely web-based email system. I have always used a dedicated, protected, email client (currently Thunderbird) with a proper email account, and I have never had this kind of problem.
I would suggest that, as well as carrying out all the recommended actions of password changing etc., sufferers also run a full deep-scan virus and malware check.
I am disgusted to find that someone has accessed my hotmail address book and sent the following advert to everybody in my address book: How to protect my hotmail contact list
not one antimal or antivirus or what have you i used found anything…..one at leasst said it would only check wind live…no others what good are they then
02-Dec-2010
I am in my email, trying to change everything you said, but the hacker has added an “unique ID” (which is listed directly under my windows live ID in the manage account tab) and it won’t let me change it. The hacker also added an email for password reset and I tried to look it up on yahoo and they’re saying that ID hasn’t been taken yet. Are there any other options? And yes, I changed my password a few days ago. Thanks in advance!
04-Dec-2010
Hi, my hotmail settings all appear to be ok but it appears to be sending dodgy random emails with web links on to all of my contact list. It’s driving me and my friends mad. Please advise if this is different to whats been mentioned above! thanks
19-Jan-2011
i have be blocked from my account and every time i go on there to resend it it wornt let me put in my new email address what do i do please help
03-Jun-2011
I read this and changed my settings. Thanks for the help! I have a question about my contacts though. Whenever I send an email to a group of people from my contact list, a couple of sex email addresses appear on there too. But when I look on my cantact list to delete them, I can’t find them. Is there anything I can do about it?
Leo,
Most hacked Hotmail happens not because their password was hacked but because the hacker sends an e-mail to the user that comes from a friend or contact persons they knew. Obviously this wont be picked up by spam filters nor does it look suspicious if it comes from someone you know. Once the e-mail is opened, it contains a worm/virus that not only gives the hacker access to your pass word, but attacks the users contacts directory. Once hacked, it sends out an e-mail to everyone in your contact list putting your e-mail address as the sender so your friends think you are sending them an e-mail. Little do they know the e-mail is from a hacker and the worm has now hacked into their e-mail account. MSN has done noting to help this spreading problem. I have been hacked twice now this time the hacker gained access to my Google accounts and it has created a nightmare for me. My suggestion DO NOT TYPE IN ANY CONFIDENTIAL INFORMATION IN ON ANY INTERNET SERVICE. Keep it off the net if you want to stay safe.
My situation is the same as Sherion’s , above. When I start a “new” email and click the “To” button to have the abbreviated contact list pop up, at the end of the list are several “adult” entries. But when I click on “Contacts” on the left-hand bar, the entries don’t appear, so I can’t delete them. A couple of new ones have turned up recently, too. How can these be removed? Will a professional be able to “scrub” them out of my hard drive? Thanks —
14-Oct-2011
I’ve changed my password, but after I changed it, I still received a SPAM email from myself. I don’t know what happened. How can I know my email is safe after it’s been hacked?
15-Oct-2011
I changed my password, however in the alternate emails their is an address which is NOT mine and it will not allow me to delete it. It is {email address removed}. How can I get this alternate removed?
22-Oct-2011
My Hotmail account was closed and I’ve lost all my contacts. But on my other computer I came across this file of contacts with a ’windowslivefile’ extension. Is there any way of accessing these since I think they are the email addresses of my lost contacts.
If you can help it would be greatly appreciated.
Leo, I’ve now found a solution to the hacked Contacts list. In the abbreviated “Contacts” list that pops up when I start a new email and click the “To:” button, I had found “Adult” contacts added to the end of the list, and I couldn’t find any way to delete them. Finally, I noticed that in the Hotmail left-hand sidebar under “Messenger,” there was a message, “3 invitations.” I clicked on that message, and was taken to a screen that showed several “friend requests” and below those, several “invitations” to join “Groups.” Lo and behold, those groups had the same names as the bogus entries on my abbreviated Contacts list! And when I clicked to refuse the invitation, hooray, they disappeared from the abbreviated Contacts list! (They had never shown on the contacts list that appears when you click the sidebar option.) After refusing all of them, I went into my Profile (click on Profile in the upper right-hand corner of the screen, right under your name and beside “sign out.”) I changed my profile options to the most private settings, and I hope that will prevent future unwanted appearings.
hi there, i have signed into my different hotmail account and its sayin its been blocked, because of spamming, however i hav got personal information in there, so how do i unblock it, thankyou
19-Dec-2011
So if your account has been hacked, why would they use your contact list alerting you of the breach? Why not just browse through your emails (many of mine had files attached) and get the info they are looking for. Since I have my emails saved every time I send, they now have my password list, financial records, resume, etc. This is the worst thing that could have happened. Are there some hackers that just go in and steal your contact list. Between when I found out that I’d been hacked and changing my password, it had been several hours. That would have given them lots of time to browse. I’m praying they didn’t get anything that can harm my credit or identity.
@Wendy
It might be a good idea to contact your credit card companies and inquire if there has been any recent activity on your accounts, block those cards if necessary and change any passwords that you may have on those lists.
I read the answer above, but for me I could not access to mail inbox or option,, just show that me user name and password are correct but I could not access to my page
my blocked email is {email removed}
@Hussein,
You might want to know that posting your email to a live forum like this greatly increases the spam you get, and also your likelihood of being hacked. Getting your email back is going to be difficult, and along with that it would be good to learn some basic safety tips as taught regularly here in Ask Leo!
Here’s a great article on that:
Why shouldn’t I post my email address in a public forum?
My account has also been compromised. Details:
25Apr2012: WinLiveEssentials updated to 15.4.3555.0308. WLM client Version 2011 (Build 15.4.3555.0308).
01May: Received mail from my own address, sent to my address plus 2 contacts. This item was in INBOX and in SENT ITEMS. Unlike my legitimate sent mail, the item’s FROM field is empty.
09May: Received another mail from my address, to my address and same 2 contacts, plus one non-contact address that I emailed on 03May. This item was in INBOX only, not SENT ITEMS.
Each item’s content was a link; the 2 links were similar but different domains – both contained “…/blog/wpcontent/themes/…/likeit.htm?…”; both links’ text appeared to match the target address.
I changed my account password after the 09May incident; I could not find any indication that anything had been altered. I have also deleted all contacts. None of my other WLM accounts has been affected AFAIK.
As was mentioned in the thread, it seems unlikely that someone with malicious intent would send out emails to advertise his activities.
FWIW I’ve used WLM since 2009 without apparent incident. The timing raises suspicion that the 25Apr WLE update could be a factor.
Anyone else with similar experience?
Thanks,
CC
09-May-2012
Leo, thanks for the fast reply to my 09May post. I’ve done a bit more digging since I posted and I don’t believe the items were sent from inside my account. As I said, the 2nd item doesn’t appear in my outbox – I suppose a hacker could have deleted it – but the first item has different property details than my legitimate outgoing mails. They all start with FROM:…, TO:…, SUBJECT:…, DATE:… etc. Above those fields in the bogus message I see MESSAGE-ID:…, CONTENT-TYPE:…, X-ORIGINATING-IP:… and then FROM, TO etc.
To me this strongly suggests “spoofing” rather than hacking?
Of course that leaves the question of the additional recipients. I now realize that the 2 TO addresses in the first email were the only 2 adresses I’ve mailed from that account since 03Mar2012. The 2nd email added the one additional address I emailed on 03May. IOW, the targets seem more likely to be derived solely from my outgoing mail rather than my contacts list, although I have no idea how that could happen.
Sorry if I’ve gone a bit off-topic here – I thought the additional details might be of interest to others…
CC
My account must have been hacked – everyone in my contact list received a spam email from me. Now my account is locked and a strange email address is listed in the drop down “how do you want to receive your code”, how do I get my account back?
06-Jul-2012
@Lynn,
Read this article… it will help:
Email hacked? 7 things you need to do now.
Your live.com email account was simply hacked, and yes this is happening a lot. Changing your password and all password recovery information is the right thing to do.