- 12-01-2011, 01:06 PM #1
So my hotmail account has been spoofed.
Changed the password.
Delved into Windows Live help, they suggest changing account to always use https for better security, EXCEPT if you have a Windows Phone!
I've had a hotmail account for several years but didn't use it much based on reports of poor security. Preferring instead to use my Yahoo plus account.
With the purchase of my Windows Phone I sent all my contacts in yahoo to the Hotmail account when setting up the device - and now less than 2 months later my account has been spoofed and over 300 emails have been sent to individual addys as if I sent them!
On Monday I changed my password as advised according to hotmail/windows live security suggestions. Last night I see where yet again the account has been compromised! According to MS scale the passwords I use are strong. Used their MS essential security scanner - no malware or viruses - so my security program is doing its job to protect my pc.
Delve deeper into MS articles on spoofed/hijacked accounts and they say that scammers can use either real people or hi tech programs to read the wavy text designed to prevent hijacking!
Once an account has been compromised there isn't much that can be done they continue!
So what is my alternative now? The spoofers have my email handle and can continue to send spam as me. They did 333 in one day! MS says they can shut down my account because of spam being sent from my email addy! EVEN if I am NOT the one actually sending the spam!
Use of Windows Phone prevents me from using https for more secure sign in. They say to add my cell number to get a text confirmation to increase security - but now that puts my cell number on the account - for the spoofers to see and use?
I don't like this! This is a MAJOR security issue! NEVER encountered a security breech when using Palm devices and yahoo and now in less than 2 months with Windows phone, windows Live and hotmail I have a compromised account? :mad::mad::mad::mad::mad:
- 12-01-2011, 01:41 PM #2
What happens if you select https? The phone won't retrieve the email?
Sorry you're going through this. I use Yahoo and I never switched to Hotmail when I got my Windows Phone. Technically I do have a Hotmail account because I needed a Windows Live account for my phone, but it's kind of weird because my Windows Live account is firstname.lastname@example.org. Crazy.
- 12-01-2011, 02:03 PM #4
If the server is hacked there is nothing a strong password or https will do to help you. They could also be sent off a clone server, making it look like you, so emails that don't do through, get bounced back to your email address.
- 12-01-2011, 02:06 PM #5
Also, be sure you aren't using too short/simple of a password. Preferably at least 8 characters long and mix upper and lowercase characters with numbers and symbols to increase the difficulty of stealing it. Now, if someone is pretending to be sending e-mails as you, they really haven't got access to your hotmail account, and no matter what security measures you take, you won't be able to stop it (but that could happen to any e-mail address). It's pretty easy to send an e-mail with the "From:" populated with whatever you want.
12-01-2011, 03:54 PM #8
- 248 Posts
Email spoofing whether it comes from your account or not is pretty common and once they have your name on file so to speak it is very difficult to stop. The problem now is that the mail servers need to protect themselves from spoof mail so we end up using things like spf and other tools which in turn mean legitimate mails suffer through false postives or being rejected for not obeying rules. Its a vicious cycle and no end in site.
- 12-04-2011, 08:13 AM #14
Yes, that's exactly how I discovered the compromised account! First alert was 86 emails received showing on my Hotmail WP7 tile. They were all returned from the "postmaster". Sent to contacts starting with the first one inmy address book and continuing down the list. In the Sent folder of hotmail 333 emails had been sent on one day!
Regarding signing in with https the info comes directly from the options on hotmail:
"Using HTTPS will help keep your account secure from hackers-especially if you commonly use public computers or unsecure wireless connections.
Important note: Turning on HTTPS will work for Hotmail over the web, but it will cause errors if you try to access Hotmail through programs like:
The Windows Live application for Windows Mobile and Nokia
If you only need a temporary HTTPS connection, enter "https" in front of the web address instead of "http".
Use HTTPS automatically (please see the note above)
Don't use HTTPS automatically
hmmm, re- reading this - maybe there is a difference for Windows MOBILE and WP 7?
As a user of Windows Mobile Devices in the past - my brain often equates the two. Guess I'll try to set it up as https along with other new security methods established.