My email address has been compromised and someone is sending bogus pleas for
help and requests for money to everyone in my address book. What should I
I’m seeing this a lot lately. Scammers manage to gain access to someone’s
email account and then make up wild stories – usually something about your
having taken a sudden trip overseas and now being in some kind of predicament
where you desperately need your friends to wire you money.
Of course you’re not overseas, and you’re not asking anyone for money.
Your email account has been compromised, and I’m not sure that there’s much
you can do.
But we’ll try.
If you can still log in to the account, you should immediately change your password and change or remove all personal information. As I wrote in “Is changing my password enough?”, it’s not enough to change just your password – you need to change any and all information that a scammer could use to reset your password and regain access to your account.
If you cannot log in to the account, your options are much more limited.
You should immediately contact your email service provider. Now, on the surface that sounds both simple and like it should be a quick remedy. And if your email is being provided by your ISP or someone else with real phone support, it may be.
The problem is that most of the accounts that are being hijacked like this are free accounts with little or no customer service. Hotmail and Yahoo accounts are the most frequently compromised, and coincidentally both offer no telephone-based support. You must first access their on-line support system (perhaps having to create a new account on their system to do so), and submit your problem via a web form, email or in a support forum.
All that takes time. Response will not be quick, if at all.
This is the “price” of free email accounts.
In a case like this I would:
create a new email account – ideally with a service that has real support
send a message to all your contacts(*) that your old email account has been compromised and that they should ignore and delete all further email from that account.
use the new email address from now on
take all the appropriate precautions so that it is not stolen
if you like, you can continue to attempt to recover the old email account – perhaps for some peace of mind – but you should probably assume that those attempts will fail.
(*) “but my contacts were on the stolen account” – exactly. If you haven’t been backing up your address book in some way, or don’t have some kind of a duplicate copy, then the best you can hope for is to rely on your memory. This is one of the reasons I mention backing up in the “lessons learned” below.
That’s about as far as we can go with most email services. If you can’t get help from the service, you’re pretty much out of luck. Your account is likely to remain compromised. Tell your friends.
It’s important to make sure we also learn from the experience. Account compromise can be mostly avoided, or its impact minimized, if you follow a few common-sense guidelines:
Use a good, strong password.
Protect that password properly; don’t write it down where it’s easily found, and don’t share it with others.
Never rely on free email accounts as the only place to keep anything important.
Backup. Backup. Backup.