In the last 2 months, at least 3 of my friends who have Hotmail email addresses have sent me spam. This spam looks like it’s coming from my friend, and is sent to one of my email addresses that I only give to friends and guard carefully. Needless to say I’m upset that my friends’ email accounts, and hence their privacy, have been hacked, and I’m also upset that one of my carefully guarded addresses is now in spammer hands along with everyone else in their address books. Is this happening to you? Read on to find out more.
What Kind of Spam Is Being Sent?
They seem to often be fake work from home or shopping messages. Here is an example of one I received:
Subject: Re: Wow…
Hello there, how are things?
Do you still have that job you had?
I just bought all my christmas presents. I am glad I could quit my previous job because of this: [spam link removed]
How Did they Get My Password!?
There are a number of ways this can happen. Hotmail experienced a rather large leak of its internal login data a little while ago, which is another reason why companies should never store passwords in plain text or with two-way encryption. They should be hashing the passwords, so shame on them.
But there are other ways that you have control over that might be the cause:
- Creating an account on any website using your email address and the same password you use for your email.
- Giving your email address and password to social sites like Facebook who claim they’ll help you to “find your friends”. These sites can now log in and download all your contacts and mail.
- Logging into your email account from a compromised or public computer that may have a virus or key-logger on it.
- Logging into your email on an unencrypted wireless connection. Always use the https:// prefix to your webmail so that you are using SSL encryption.
What Do I Do Now? How Do I Stop It?
Unfortunately once spammers have a hold of your email address and your associated contacts, there’s no going back. You cannot stop them from sending email to your friends disguised as you. Even if you change your password (which you should do immediately), they can still send mail that looks like it’s coming from you even if they are not logged into your mail account. The FROM address on an email can be very easily spoofed. They don’t need to keep logging into your account to send the email. They just save your contacts and your email address into their database and then they have it forever.
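Because the FROM header alone proves nothing, the receiving side has to look at what its own mail server recorded about the message. The following is an added example, not part of the original post: it reads the Authentication-Results header that a receiving server stamps on incoming mail and lists reasons to distrust the visible sender. The sample messages, the `.example` domains and the server name `mx.receiver.example` are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From names a friend's Hotmail address, but the
# receiving server recorded that the mail was only authenticated for another domain.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none;
 dmarc=fail header.from=hotmail.com
From: "Your Friend" <friend@hotmail.com>
Subject: Re: Wow...

Do you still have that job you had?
"""
# Constructed counterpart: same message, genuinely sent through the friend's provider.
GENUINE = (SPOOFED.replace("bulk-sender.example", "hotmail.com")
           .replace("dkim=none", "dkim=pass header.d=hotmail.com")
           .replace("dmarc=fail", "dmarc=pass"))

def domain_of(address):
    return parseaddr(address)[1].rpartition("@")[2].lower()

def spoof_indicators(raw, trusted_authserv="mx.receiver.example"):
    """Return a list of reasons the From header should not be trusted."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From", ""))
    reasons, results = [], {}
    # Only use results stamped by our own receiving server (assumed name);
    # a sender can insert Authentication-Results headers of its own.
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, verdict.lower())
    if not results:
        reasons.append("no trusted authentication results")
    if results.get("dmarc") != "pass":
        reasons.append("dmarc=" + results.get("dmarc", "missing"))
    # A differing envelope sender is only a hint: mailing lists also cause it.
    if domain_of(msg.get("Return-Path", "")) != from_domain:
        reasons.append("Return-Path domain differs from From domain")
    return reasons
```

An empty list means the server's checks agree with the visible sender; it does not tell you whether the friend's account itself was used to send the message.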
Unfortunately the only solution is to accept that your email address is now a lost cause. You should immediately create a new email address and advise your old contacts that they should block all email coming from your old address. Then let them know of your new address. It’s a pain, but otherwise you are leaving yourself open. Remember to try and avoid the above activities that could result in your new email account being hacked again. I strongly suggest using a separate email address (one you don’t care about) for signing up for websites, and never, ever use the same password as the one on your email account.
I hope this helps! Feel free to ask questions if this has happened to you or someone you know.