Welcome to the Windows Central Forums Create Your Account or Ask a Question Answers in 5 minutes - no registration required!
Results 1 to 14 of 14
  1. Forgewizard's Avatar
    Member

    Posts
    127 Posts
    Global Posts
    516 Global Posts
       #1  
    So my hotmail account has been spoofed.
    Changed the password.
    Delved into Windows Live help, they suggest changing account to always use https for better security, EXCEPT if you have a Windows Phone!
    WHAT?
    I've had a hotmail account for several years but didn't use it much based on reports of poor security. Preferring instead to use my Yahoo plus account.
    With the purchase of my Windows Phone I sent all my contacts in yahoo to the Hotmail account when setting up the device - and now less than 2 months later my account has been spoofed and over 300 emails have been sent to individual addys as if I sent them!

    On Monday I changed my password as advised according to hotmail/windows live security suggestions. Last night I see where yet again the account has been compromised! According to MS scale the passwords I use are strong. Used their MS essential security scanner - no malware or viruses - so my security program is doing its job to protect my pc.

    Delve deeper into MS articles on spoofed/hijacked accounts and they say that scammers can use either real people or hi tech programs to read the wavy text designed to prevent hijacking!

    Once an account has been compromised there isn't much that can be done they continue!
    So what is my alternative now? The spoofers have my email handle and can continue to send spam as me. They did 333 in one day! MS says they can shut down my account because of spam being sent from my email addy! EVEN if I am NOT the one actually sending the spam!

    Use of Windows Phone prevents me from using https for more secure sign in. They say to add my cell number to get a text confirmation to increase security - but now that puts my cell number on the account - for the spoofers to see and use?

    I don't like this! This is a MAJOR security issue! NEVER encountered a security breech when using Palm devices and yahoo and now in less than 2 months with Windows phone, windows Live and hotmail I have a compromised account? :mad::mad::mad::mad::mad:
    A Palm Pre Refugee giving my HTC Arrive a pat on the back- cuz it's choking!
    ("Forgewizard" in PreCentral)
  2. aubreyq's Avatar
    Member

    Posts
    1,245 Posts
    Global Posts
    1,267 Global Posts
    #2  
    What happens if you select https? The phone won't retrieve the email?

    Sorry you're going through this. I use Yahoo and I never switched to Hotmail when I got my Windows Phone. Technically I do have a Hotmail account because I needed a Windows Live account for my phone, but it's kind of weird because my Windows Live account is username@yahoo.com. Crazy.
  3. thed's Avatar
    Member

    Posts
    993 Posts
    #3  
    I have it set to always use https and hotmail on my phone works fine. Have you tried it?
    Last edited by thed; 12-01-2011 at 03:24 PM. Reason: didn't fully read OP
  4. palandri's Avatar
    Retired Moderator

    Posts
    7,200 Posts
    Global Posts
    9,370 Global Posts
    #4  
    If the server is hacked there is nothing a strong password or https will do to help you. They could also be sent off a clone server, making it look like you, so emails that don't do through, get bounced back to your email address.
    Check out the great deals on Windows Phone Accessories: http://store.wpcentral.com
  5. Tobyus's Avatar
    Member

    Posts
    73 Posts
    Global Posts
    83 Global Posts
    #5  
    Also, be sure you aren't using too short/simple of a password. Preferably at least 8 characters long and mix upper and lowercase characters with numbers and symbols to increase the difficulty of stealing it. Now, if someone is pretending to be sending e-mails as you, they really haven't got access to your hotmail account, and no matter what security measures you take, you won't be able to stop it (but that could happen to any e-mail address). It's pretty easy to send an e-mail with the "From:" populated with whatever you want.
  6. power5's Avatar
    Member

    Posts
    1,208 Posts
    Global Posts
    1,587 Global Posts
    #6  
    Quote Originally Posted by Tobyus View Post
    Also, be sure you aren't using too short/simple of a password. Preferably at least 8 characters long and mix upper and lowercase characters with numbers and symbols to increase the difficulty of stealing it. Now, if someone is pretending to be sending e-mails as you, they really haven't got access to your hotmail account, and no matter what security measures you take, you won't be able to stop it (but that could happen to any e-mail address). It's pretty easy to send an e-mail with the "From:" populated with whatever you want.
    Emails are going to people he knows in his contacts from hotmail. I would say they have hacked into his account.
  7. thed's Avatar
    Member

    Posts
    993 Posts
    #7  
    Also, check the recovery settings on your account. If whoever has access to the account changed those, then it doesn't matter how many times you change the password, they can keep getting back in.
  8. welsbloke's Avatar
    Member

    Posts
    233 Posts
    #8  
    Email spoofing whether it comes from your account or not is pretty common and once they have your name on file so to speak it is very difficult to stop. The problem now is that the mail servers need to protect themselves from spoof mail so we end up using things like spf and other tools which in turn mean legitimate mails suffer through false postives or being rejected for not obeying rules. Its a vicious cycle and no end in site.
  9. N8ter's Avatar
    Banned

    Posts
    712 Posts
    Global Posts
    717 Global Posts
    #9  
    Happened to my Hotmail last week. I had no idea until I checked my sent messages folder.

    My password is beyond strong.

    Sent from my SGH-T959 using Tapatalk
  10. Mike-Mike's Avatar
    Member

    Posts
    184 Posts
    Global Posts
    462 Global Posts
    #10  
    where are you talking about setting it to use https? from the mail tile? or from just going through the IE browser?
  11. #11  
    Did someone noticed that if you type too long password (25 chars), hotmail only recognize 20 chars? The rest 5 chars are here, but hotmail is working only with 20 :)
  12. jimski's Avatar
    Member

    Posts
    2,254 Posts
    Global Posts
    2,259 Global Posts
    #12  
    I say line the JOs up against a wall and shoot canons at them filled with real Spam. Wouldn't mind a few lead balls mixed in either.

    Sent from my HTC Surround using Board Express
    Nokia Lumia 900 - OS: 7.10.8112.7 - Firmware: 2175.1002.8112.12084
    HTC Surround - OS: 7.10.8107.79 - Firmware: 2250.21.40500.502
  13. #13  
    I would Delete that account and Start up a new hotmail account. I've never had problems with hotmail security.
  14. Forgewizard's Avatar
    Member

    Posts
    127 Posts
    Global Posts
    516 Global Posts
       #14  
    @ Palandri:

    Yes, that's exactly how I discovered the compromised account! First alert was 86 emails received showing on my Hotmail WP7 tile. They were all returned from the "postmaster". Sent to contacts starting with the first one inmy address book and continuing down the list. In the Sent folder of hotmail 333 emails had been sent on one day!

    Regarding signing in with https the info comes directly from the options on hotmail:

    "Using HTTPS will help keep your account secure from hackers-especially if you commonly use public computers or unsecure wireless connections.
    Important note: Turning on HTTPS will work for Hotmail over the web, but it will cause errors if you try to access Hotmail through programs like:

    The Windows Live application for Windows Mobile and Nokia
    MSN Explorer

    If you only need a temporary HTTPS connection, enter "https" in front of the web address instead of "http".
    Use HTTPS automatically (please see the note above)
    Don't use HTTPS automatically

    hmmm, re- reading this - maybe there is a difference for Windows MOBILE and WP 7?
    As a user of Windows Mobile Devices in the past - my brain often equates the two. Guess I'll try to set it up as https along with other new security methods established.
    A Palm Pre Refugee giving my HTC Arrive a pat on the back- cuz it's choking!
    ("Forgewizard" in PreCentral)

Posting Permissions