How to Reclaim Your Hotmail Account

A few days ago, a new client in Tacoma came to me for help. Apparently she was the victim of a hack that robbed her of access to her MSN/Hotmail account. Further, once the hacker had access to that account, he was able to use the same password to access her Facebook account. Once inside both accounts, the hacker rotated the user’s password and changed her birthdates and phone numbers – the pieces needed to automatically reclaim an account through online help.

The hacker then started using both accounts to send a phishing message to her friends, co-workers, customers and suppliers, suggesting that she was trapped in London without resources and needed a wire transfer urgently. Problematic. What’s really tricky, though, is the defamation of character that’s happening here: the trust that she had with these people would be irreparably damaged, especially if somebody simply reacted in an attempt to help her.

The steps necessary to reclaim an email account that’s been compromised in this way aren’t widely documented, and it’s neither easy nor expedient to get this problem fixed.

Companies that host your email – like Microsoft – need to manually look at each situation on a case-by-case basis, and it’s a process that can take up to 72 hours.

Every host has its own request form and Microsoft’s can be found here, but generally here’s the way it goes. Microsoft will spin you into a questionnaire that asks for the following pieces of information, which you should answer honestly and to the best of your ability:

1.  Your Windows Live ID (your email address)
2.  Your first and last name
3.  Your date of birth (month/date/year)
4.  Your country
5.  Your state (if applicable)
6.  Your postal code
7.  Your IP address.
8.  The answer to your secret question
9.  The “alternate e-mail address” that is on file for the account
10.  The name of your Internet service provider.
11.  The last date and time when you successfully signed in
12.  The names of any folders that you created in addition to the default folders
13.  Names of contacts in your address book (e-mail address)
14.  Subjects of any old mail that is in your Inbox or mail folders

You can use http://www.whatismyip.com to determine your IP address. If you commonly use a PC at work and at home, you’d want to access whatismyip.com from both PCs to identify each IP address. Microsoft’s technicians will use this to compare the frequency of your visits from these IP addresses in the past versus recent activity, so this is a big piece of information they need.

If you’re reading this and haven’t had an account compromise yet, don’t be foolish: it could very easily happen to you.

Take the time to routinely update your account information with the email host (date of birth, secret question and answer, telephone numbers, alternative email addresses) so that it’s as accurate as possible.

If you’re filling out the reclamation form and your information is dated or just wrong, Microsoft’s not going to take your request seriously.

Now, what are some steps you can take to avoid an account compromise?

  • Never post your personal private information (PPI) in public places on the Internet. It can be used against you as a way for somebody to compromise your account.
  • Hide PPI from all but your friends inside of Facebook. In fact, you may wish to not even post “real” PPI to Facebook at all. See my comments below.
  • Update your secret question and answer. Write them down so you know what they are.
  • Don’t use the same question/answer that you’ve used on every website. Rotate them and make them variable for every website.
  • Create unique passwords for every website.
  • Make your passwords complex. Include upper-case, lower-case, numbers, and meta-characters (&!^@(*$*).
  • Rotate your account password once every six months
  • Run an anti-virus and anti-phishing product on your computer system.
  • Separate casual email addresses from work email addresses, and from email addresses used for accessing financial websites; be deliberate in creating logical barriers between play, work, and finances so that a compromise of one doesn’t automatically lead to a compromise of all.
  • Never cache your account password in web browsers of foreign/public computers
  • If you ever lose your cell phone, rotate all passwords on everything you accessed with your phone
  • If you’re a small to mid-range business, force these rules through policy on your employees, and create your own company’s email domain so you alone can set technical controls over email and contact access.
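
To see how far one stolen password reaches, here is an added example (not part of the original post) that walks a constructed account inventory and lists which other accounts fall when one is compromised. It assumes two paths: a reused password, and a password reset mailed to an already-compromised mailbox; the account names, `pw` labels and `recovery` field are hypothetical.

```python
from collections import deque

# Constructed inventory, not real data. "pw" is a label you assign to each
# distinct password (no password is stored); "recovery" names the mailbox
# that receives that account's password-reset mail (an assumption of this
# example, not something taken from the post).
ACCOUNTS = {
    "hotmail":  {"pw": "A", "recovery": None},
    "facebook": {"pw": "A", "recovery": "hotmail"},
    "bank":     {"pw": "B", "recovery": "hotmail"},
    "work":     {"pw": "C", "recovery": None},
    "payroll":  {"pw": "D", "recovery": "work"},
}

def blast_radius(accounts, first):
    """Return every account lost once `first` is taken over."""
    fallen, queue = {first}, deque([first])
    while queue:
        current = queue.popleft()
        for name, info in accounts.items():
            if name in fallen:
                continue
            # Path 1: the same password opens this account too.
            reused = info["pw"] == accounts[current]["pw"]
            # Path 2: reset mail for this account lands in a fallen mailbox.
            resettable = info["recovery"] == current
            if reused or resettable:
                fallen.add(name)
                queue.append(name)
    return fallen

def audit(accounts):
    """Map each account to the other accounts lost if it is compromised."""
    return {name: sorted(blast_radius(accounts, name) - {name})
            for name in accounts}

if __name__ == "__main__":
    for name, lost in audit(ACCOUNTS).items():
        print(f"{name:9} -> {', '.join(lost) or 'nothing else'}")
```

Any account whose row lists your bank or work logins is one to give its own password and its own recovery address first.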

And yes, doing all of these things makes it difficult to access websites because the information’s not the same, boo-hoo – yeah, that’s the point, dude. Man-up. Make a list on a piece of paper if you need to. Remember that hackers are counting on you to express a typical human condition called ‘laziness’.

More information about consumer fraud and other precautions you can take can be found at the following websites:

Where can you find the account reclamation form for other email hosts?

Finally, a word of caution.

In this example, we may have been able to recover access to the account, but with the compromise comes a stark reality: the hacker had direct access to all of the PPI of her friends on Facebook and her contacts list inside of Hotmail. That means such information could be used to compromise their accounts, too, and armed with even a little information about her, the hacker may attempt to go after financial websites. I advised rotating that information immediately. So, once you’re compromised, it can create a cascading effect that can bring harm to your friends, family, and your professional acquaintances. Once a friend of yours is hacked, you’re at risk. This isn’t fun.

Just a little precaution could go a long way in protecting your identity and those of people who’re important to you. Take it seriously, kids.

R

jennifer Jones says:

Comment posted on: March 31, 2011

How do you physically speak to the people of HOTMAIL?
Is there a number that you can call to get them to guide you? My account security question (answer) was changed and now I can’t get into it at all.

RP Mickler says:

Comment posted on: March 31, 2011

Hey there, Jennifer –

Try this number: Hotmail, Premier Free Web-Based Email Service by MSN (Microsoft)
1-800-386-5550 User Provide Phone Number for Premium Accounts

If that doesn’t work, try walking through this wizard for password resets:
https://account.live.com/ResetPassword.aspx

All the best!
R