Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Someone has stolen my Windows Live / MSN Hotmail Account and is scamming my contacts. What can I do?

Question:

Someone, somehow get into my MSN Hotmail accounts (I have 2) and
changed my passwords and all the security info, blocking me completely
out. Then all the contacts I have in both accounts are being sent scam
letters saying it’s me and to send $2300 to Lagos, Nigeria. What bothers
me the most is having my name used for scamming.

I’ve tried to contact Hotmail, letting them know what has happened
and asking if there is anything that can be done about stopping them
and closing the accounts.

Do you have an email address, or phone number, any way to contact
them or who to contact. It’s so confusing because its MSN, Hotmail,
Hotmail MSN.

Actually, it’s even more confusing since it started as Hotmail, then
MSN Hotmail, and now Windows Live Hotmail.

Unfortunately, your story isn’t all that uncommon. It seems to be the
latest fad among scammers: steal someone’s account and then impersonate
them to their contacts – make up a fake emergency and hope that some of
your friends will help “you” out by sending them money.

Also unfortunately, I’m not at all hopeful there’s much that can be
done.

]]>

Microsoft recently created the Windows Live Help Solutions Center, which is an online resource for resolving Hotmail related issues.

Perhaps the most telling statement from that site is this:

“[Microsoft does not] offer any direct phone or email support for Windows Live Hotmail.”

Q: I don’t want to use the Solution Center? How do I contact someone at Microsoft directly?

We don’t offer any direct phone or email support for Windows Live Hotmail. Our moderators and ambassadors are always available so posting through the WLHSC is your best way to contact us directly.

(Emphasis mine.)

So there is no one to contact. Period.

Now, the solutions center does include this article: What to do if you think your account has been stolen. If you read through that article you’ll see that they have several semi-automated ways of recovering or validating the account. I have no idea whether or not these techniques will work in every case, but they’re most definitely the place to start.

Personally, in your case I would:

  • create a new account (perhaps on a paid, or different free email system)

  • email all your contacts that what they’re seeing is a scam and that they should ignore any and all email from your old email address

  • start using the new email address

  • take care that it not be stolen

  • try to recover the old one, with the expectation that those attempts will fail

I have to conclude by emphasizing some lessons that we all need to be reminded of from the fact that this is so common:

  • Use a strong password.

  • Take care to protect that password.

  • Never, ever, rely on a free email account as the only place to keep important emails and contacts.

  • Backup. Backup. Backup.

Best of luck.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

32 comments on “Someone has stolen my Windows Live / MSN Hotmail Account and is scamming my contacts. What can I do?”

  1. last month my GMail and Hotmail accounts were stolen when I checked mail from my cousin’s zombie / hacked PC. I was able to recover both the same day. I want to share what helped.

    1. thanks to Leo’s suggestions, I had been using Outlook and Thunderbird, so there was no loss of any important emails.

    2. since I had my emails, I had accurate information to fill out the detailed account recovery form of Gmail. Plus, my data backup habit and memory helped in filling out some information.

    3. Gmail is such a great service that in a few minutes (10-15 minutes) they verified all the information and emailed me a reset link. The Gmail was also the alternate account for my hotmail, so I recovered hotmail by sending a reset link to the alternate account.

    4. My cousin used hotmail’s recovery form, and they took several hours to send her the account reset email. I don’t know whether hotmail took the time or she didn’t provide enough information.

    With all the stories of lost accounts and failure that I hear all the time, it’s good to hear not only of a scenario that worked, but the steps that lead it to work. Thank you.

    – Leo
    16-Mar-2009
    Reply
  2. I recently had to help somwone in a similar situation. A man called me because it seemed that his daughter was sending messages to her contacts even when she wasn’t online.

    Her contacts where receiving messages about going to a certain site to see who was blocking you on MSN/Windows Live Messenger.

    I beleive the site is whoblocksyou.com – they require you to sign in using your email and ’email password’. Apparently they then start signing in themselves (this person was geting knocked of messenger with a messge claiming that she alredy signed in on another computer)- and sending spam links to everybody on her contact list with links to the whoblockedyou site.

    I told her how to go to Microsoft and change her password. The lesson – NEVER sign into any service that requires your email and your email account password.

    Unfortunatlly, people do sometimes give personal info to the hackers and spammers.

    Reply
  3. Also, this is one more reminder not to re-use passwords. Many sites make you log on using your e-mail address as your personal identifier– they might “sweeten” the deal with additional content, promises of discounts (or free stuff), etc. If you then use your e-mail password as the site password, then the site owners can very easily hijack your account, just as is described above. MANY people do this, because they can’t remember 8 bazillion passwords for every site they visit.

    In addition to what Leo has on this site, I also recommend that you check out the Security Now podcast at http://www.grc.com/securitynow.htm for some great in-depth info about passwords (and lots more). GRC also offers a nice password generation utility to help you make them really random, and some thoughts on using a “hash” algorithm to vary a base password with site specific info so that you can work out a strong password specific for each site.

    I’ve recommended Security Now for some time, and often link to GRC’s password generator.

    – Leo
    16-Mar-2009
    Reply
  4. Another way is to have an email that you can use for new stuff or sites that you are not confident about. Create a deliberate email that is easy to password change so that you can lay a trail also in the format of that email is to put a macro trace to enable you to get back at the scoundrals/crooks that enjoy creating misery.
    I have successfully created a way for some of these people being caught, therefore trying to fight back and having the joy of seeing a few of them suffering justice.

    Reply
  5. All I can say is to quote my late mother, “You get what you pay for” and another quote, “there is no such a thing as a free lunch.” In other words, the “free” e-mail accounts are to be avoided as they can be subject to hacking. The best way to avoid this is to subscribe to a pay-by-the-month e-mail service that has a regular customer service number where you can talk to a live human being.

    Reply
  6. Similar experience w/Yahoo when my email account was “hijacked” back in December 2008. Scammers sent bogus emails, ostensibly from me, to my Yahoo contact list (including the senior senator from my state, my state attorney generals consumer affairs division, and the FCC complaint email address). The typical sad, emergency, stranded in Paris, send $2,500 immediately … etcetera.

    I did all the things you suggest Leo (and a couple more) and provided a full and technically detailed report to Yahoo Abuse. Yahoo’s response was the typical – and decidedly unhelpful – “canned” response all the services use.

    My main concern was that this appeared to be an instance of either Yahoo being “hacked” or someone at Yahoo selling info on the spam/scam market (Hey … it’s been known to happen disturbingly often!).

    In essense – I took care of it myself.

    One additional suggestion to offer to others using the free and convenient “throw away” email services:

    I have removed my “contact list/address book” from all of my free email accounts. It takes but a second and a couple clicks to cut & paste an email address from my regular email app into the free email “To” field. It’s a bit less convenient … but it does eliminate the hijackers having any access to your contact email lists.

    Reply
  7. I haven’t had this happen to me (yet?), but the first thing I’d do is let my contacts (and my e-mail service) know what happened. I use my ISP’s e-mail, PeoplePC DSL, and it’s been ok up to now, but mainly I use two Gmail accounts (one for my PC repair business and one for just the usual stuff like newsletters, subscriptions, etc. So far Google’s (Gmail) been very reliable and you have up to 7 GB of free storage on each account. My concern is if this is happening so often and with so many different e-mail services, is it possible that the root cause is virus and/or spyware related. Are they stealing these passwords, etc., from the e-mail services or using just getting them straight from the victims’ computers using keyloggers, hacktools, etc. My point here is that the first line of defense may be your own computer’s anti-virus and anti-spyware. A simple way of adding protection to your address book would be to add a digit to each address that only you know about and then can delete before you use it. Example: myfriendmike3@aol.com. The ‘3’ would be removed before you use the address leaving the real address myfriendmike@aol.com. Only you would know this and the stored addresses would be completely useless to anyone else who accessed them.

    Reply
  8. I notice I’ve recently been getting emails saying “reset your Windows Live password” – and a link that actually looks pretty good. But since I’ve not requested a link to do so, I’ve not used it, since I regarded them as suspicious.

    I’m guessing if people do get such a mail and then click the link their mail details are then captured and voila!

    Reply
  9. There is a solution if a hacker has hacked someone’s Live Hotmail account. Go to about.com and check for Windows Live ID validation page. Fill in the details and when Microsoft compares the information given by you with the information in your account, they will certainly send a link to reset your password which is valid only for a day. So resetting the password has to be done faster without wasting time.

    Reply
  10. funny i have had nothing but problems before the new year, have had false changes, witout my conscent, i hope the security gets better, also web services knowing of my health exactly withut me really sharing with it…interesting…

    Reply
  11. well it all happened to me and my daughter
    he deleted both our accounts so we both called the police then they said they will talk to messenger !! ( you can do that )

    next time a man addes you with a msn addy like
    [email address removed]
    dont add him

    Reply
  12. Bin’ a week now and all hell has broke loose with my MSN messenger and windows live…I CANT SIGN IN anywhere……..I hate this person.idle hands make for idle time……I’ll figure out a waqy around this person I’m sure and also a way to revoke his entire internet witrh microsoft as I have clout friends with them.

    Reply
  13. When you suspect an account, you did not open, is being used using your information , what do I do ? How exactly do I report this ? Been reading for so long now and can”t find anywhere how to report this because the pages are so confuseing and hard to get an straight answer. If my security has been compromised I would like to know ASAP. Thank you

    If you didn’t open it, then there’s little you can do – it’s not a stolen account, it’s simply someone else’s account, perhaps impersonating you. Someone’s created an account in my name, what are my options to stop them? has more.

    Leo
    19-Jan-2010

    Reply
  14. Im getting impersonated, and people are asking for money because I’m in England. Get rid of the email. I can’t even sign in. L

    Reply
  15. Same thing-everyone got emails saying I was in Wales! I had the Windows Support Center reset my email, then I found the answers to that scam from some of my contacts, but all my contacts were gone. They had changed all my personal stuff and evidently lives in New York City. I changed it all back to my stuff, changed passwords and the next time I tried to sign in, I couldn’t! Already stolen again. I’m making an appointment with the Detective in charge of computer/identy theft today!!!

    Changing your password isn’t enough. Read: Is changing my password enough?

    Leo
    20-Apr-2010

    Reply
  16. Someone has stolen my account and locked me out of my own account. I have been locked out of my account for a month now. I have been attempting to go through the windows recovery help but to no prevail. The administrators or whoever the deciding factors are, continue you to say that I am not providing enough information. In spite of my providing details about who is in my contacts list, most recent emails, subjects, some email contents, where I created the account, what states/countries I was in over the past 9-10 years that I have had this account. What else can I do? I have had this email account for many years, since I joined the Army. Since I am no longer in the Army, some of my former battle buddies and I have no other form of contact other than through my hotmail account. What can I do about someone stealing my account?

    I know of nothing more to do that you haven’t already done. This is not unexpected for free email accounts.

    Leo
    25-Jun-2010

    Reply
  17. my contact list has been stolen, and my contacts are receiving emails from me offering viagra and porn. I would like to close the account. Cannot figure out how to do so

    Reply
  18. Someone has hacked my hotmail account and deleted my contacts, I’m not recieving any emails now but i can still access the account. I changed the password. I’m not sure if my emails are getting out but i’ve now opened a yahoo account and will check soon. Is there anything i can do to get my contacts back ?
    Lloyd

    Not that I’m aware of. Sorry.

    Leo
    12-Jul-2010

    Reply
  19. I received a similar email from a friend (he has a hotmail account). I knew it was a scam. I didn’t hit reply, but wrote a new email to him to let him know (using the same email address–the only one I have for him). It was quickly answered by whoever stole his account.

    My question: By sending an email to his stolen account (thereby verifying that my account is active,) is my account now vulnerable?

    Probably not. Email you send someone doesn’t contain enough information to enable hacking into your account.

    Leo
    15-Jul-2010

    Reply
  20. Some one has stolen my MSN hotmail account and is scamming all my contacts for money. I have contacted MSN officals to no avail…They say I have not passed their validation requirements even though I have provided them all the information they requested.. What else can I do??? Is there any government agency I can complain to (about MSN’s refusal to accept my answeres)??? There must be something I can do..

    Not that I’m aware of. Please read this article which discusses your recovery options for the various ways that Hotmail accounts can be lost or compromised: What are my Lost Hotmail Account and Password Recovery Options?

    Leo
    19-Oct-2010

    Reply
  21. yes i went though the so call validation.they told me to click on the site to find my ip address ,i did it was wrong .i found the right one off my pc.they said that my criteria was not approved and i need to send more info.i did and have not heard a word from them.these people have my account and change my password.i can not get in to see what they have done.all my info is at ther finger tips and i can’t do nothing.

    aline

    Reply
  22. My email inbox was emptied and also my address book. They scammed all on the list. If my friends email at my address they get me but if they simply reply to the scam it goes to a hotmail.com which is not me. I couldn’t email everyone about the scam as they stole the addresses.

    Reply
  23. I have had a Hotmail account for many years and recently someone hacked into it. This person has been sending out emails to the contacts in it. I tried closing the account but the person is still using it to send odd emails, not scams. All I want is to completely block my old address so that no one can use it. But after reading that there is no way to directly contact Hotmail personnel, I’m very discouraged and kind of perturbed that there is no way to contact this ‘company’.

    Reply
  24. a while back probably 4 -5 months ago, I was on a pharmacy website taking a survey for some patient assistance on meds for my daughter and the all the failure msg started coming. they were sent to all my contacts and no delivery posted was the way it was sent. I literally get tons and tons of these msgs up to 300 and all my contacts do also. what should I do??? desperately need help???

    Reply
  25. Dear Leo. I just wanted to confirm your advice to those people who have asked for help. I have been trying for a month now to get my old email address address…It just is not happening. I have called Microsoft a dozen times, sent them messages, etc. Someone is sending messages to all my contacts and I am needless the say…MAD. This person has changed my password name, my childhood friend name. I turned this people in for scamming. Sincerely, MAD AS CAN BE.

    Reply
  26. Yesterday i receive email title is HOTMAIL Account Alert saying that we required your loging and Password other wise we ll disable your account then i reply ……….. after they change my password and used my contacts sending every one to give money i lost my woilet using my name plz let me know what can i do…………..here is my id {email address removed}

    That email you responded to was a SCAM (Is Windows Live Hotmail about to close my account?). Your account has been hacked/hijacked. Best I have to offer is here: What are my Lost Hotmail Account and Password Recovery Options?

    Leo
    07-Jun-2011

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.