Hotmail Scam

[DwayneA]

I recently lost access to my hotmail email account earlier today. In the morning when I still had access to it, I received an email that asked me to verify my hotmail account or it would be terminated. I sent in the information they requested, and now I have lost access to my hotmail account.

To prevent anyone else here from suffering as I have, ignore this message you may get in your email account if you have hotmail:


Dear Account User

This Email is from (link removed) Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. We are sending you this email to so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.
Due to the congestion in all Hotmail users and removal of all unused Hotmail Accounts, Hotmail would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

* Username: ..............................
* Password: ................................
* Date of Birth: ............................
* Country Or Territory: ................

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.
Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.
Sincerely,
The Windows Live Hotmail

 

[megoblocks]

The stellar use of punctuation clearly shows this to be legit

 

[aadams73]

Sadly, you have no one to blame but yourself.

 

[TheIT]

If you're warning us about a scam, you really shouldn't be including links in your post.

 

[Silver King]

As a rule of thumb, don't ever give out your account information, whatever type of account it may be, in particular when it's requested via email.

I don't know why this is so hard to get across to people. Just. Don't. Do. It. Ever.

Period.

 

[benbradley]

Contact hotmail immediately, ASAP, and tell them the hotmail address that was stolen. They should know for several reasons - you may be able to get the account back, AND you should tell them it's compromised so you don't get wrongly blamed for anything done with the account. The last is unlikely due to Hotmail saving the IP address every time you log in and the new logins are clearly NOT yours, but regardless Hotmail needs to be told it's been stolen so they can remove access of the person who has the new password.


ETA: The same thing can happen to ANY email account. Never respond to any request to send your password, no matter how dire the message. I don't even use "third-party" sites for Twitter because so many of them ask for my Twitter password.


(more) And yes, my Twitter password is different from my AW password and different from my main email password which is different from my Gmail password. It's a sure bet that when criminals get your password for something, they try it with the same ID on lots of other commonly used sites. Making every password different is more trouble to keep track of, but prevents such collateral damage.

 

[Matera the Mad]

And read up on e-mail phishing. Google is your friend.

 

[Silver King]

If you're warning us about a scam, you really shouldn't be including links in your post.

I removed the link. Took all of the gumption I had to click on the damn thing, though it turned out to be innocent enough and led to the Microsoft website.

 

[TheIT]

I removed the link. Took all of the gumption I had to click on the damn thing, though it turned out to be innocent enough and led to the Microsoft website.

Better safe than sorry (said the spider to the fly).

 

[DwayneA]

how do I contact hotmail?

 

[writerterri]

why would someone want to steal an email account. is there money in that? i don't get it.

 

[Cella]

why would someone want to steal an email account. is there money in that? i don't get it.

maybe to gain access to OL banking information, CCs...etc ??

 

[Silver King]

why would someone want to steal an email account. is there money in that? i don't get it.

Well for one thing, they'd have access through your email history to online purchases you'd made with credit cards and can steal your account info to make purchases.

Also, say you'd signed up to a site which requires notification through e-mail to activate your account. Why then they'd have your password to that site.

And so on...

 

[Snowstorm]

You may want to consider notifying the three credit bureaus that you were a victim of a scam. They can put a security hold on your accounts. If someone were to try to open an account using your information, the bureaus will verify with your first.

It's easy to do. If you notify one, that bureau will notify the two others (although I notified them all individually).

 

[backslashbaby]

hotmail.com

There will be a contact number there somewhere.

If you ever get anything from an account you really have, go to their website yourself. Send them an email or contact form via the known website. Ask them if it's for real.

But never click on links via email. Scammers fake those links, see...

 

[leahzero]

Just a tip: web sites will NEVER ask you to email them your password, birthday, or other sensitive information.

Passwords are almost always stored in encrypted form in the web site's database. If a legitimate employee of the web site needed to access your account, they would be able to do so without having to request your information. At no point will they see your password. It's a huge security risk.

These scams have been going on since the dawn of the internet. Do not ever reply to them and do not click on any links they send you.

 

[Darzian]

As a rule of thumb, don't ever give out your account information, whatever type of account it may be, in particular when it's requested via email.

I don't know why this is so hard to get across to people. Just. Don't. Do. It. Ever.

Period.

+

 

[LOG]

* Password: ................................

No legitimate service will EVER autonomously ask for your password. Never, ever, ever, ever.

The only way you would be giving away your password is if you needed to call them for some reason for them to do something to your account on your behalf. Which is very rare, I had to do it once for a WoW account, and then they only asked me for the answer to my secret question.

 

[benbradley]

maybe to gain access to OL banking information, CCs...etc ??

Yes, that's surely one of the main motivations for these scams - too many people have THE SAME PASSWORD for EVERYTHING they use online.

Needless to say This needs to be said: this practice is dangerous. At least have separate passwords for "important" things, online financial account access and such.


DwayneA, if your Hotmail password is the same as your Twitter or anything else you use online, change your other passwords NOW. It's likely too late if so, but this needs to be said.

 

[backslashbaby]

Very true. I've had to change passwords for folks on dozens of systems and we can't even see your password, and we need security measures to log in ourselves.

An email form is just not how it's ever done.

Go to the real site directly, or call them directly.

 

[benbradley]

why would someone want to steal an email account. is there money in that? i don't get it.

This reason is pretty much obsolete now, but it's an example. In the mid to late 1990's there were large numbers of scams related to AOL. AOL email addresses by the millions would get spam with a link, and the link would show a webpage that looked EXACTLY like the actual AOL login page with the added wording "Your AOL session has timed out. Please log in to resume."

Of the millions sent out, probably tens of thousands would respond and most not even know they gave away their passwords. The AOL accounts would be used to send spam over the weekend until Monday Morning the abuse workers at AOL would come into work, see all the spam complaints and delete the account.

 

[DwayneA]

how could I now have known about that email? I am so gullible!

 

[Silver King]

how could I now have known about that email? I am so gullible!

You are the target audience, D. And the only reason I know this is because you've been had.

Sharing your experience here, though, has helped others to avoid similar scams.

 

[Marian Perera]

how could I now have known about that email? I am so gullible!

I previously had no personal experience with phishing, but I love reading about scams in general - and maybe a year ago, I picked up a book in the library which mentioned this.

Then recently I got a message, supposedly from my bank, asking me to enter some details of my account or its security might be compromised.

Yeah. Right.

I also wrote a guest blog post about what phishing and literary scams have in common, and that'll hopefully be up soon.

Moral of the story: The information is out there.

 

[WildScribe]

Someone hacked my account (not got it through a scam, hacked) last month, but the idiot didn't bother to change my password, just spammed my address book. I have my secondary email saved, so I knew there was a problem when I spammed myself Good luck getting control back!