As we shared alongside Google on September 24 of last year, online account hijacking continues to grow across all email services, regardless of provider. To help protect our Hotmail customers, we’ve introduced a number of new features and technologies to safeguard accounts, including new methods of proving ownership like single-use codes and trusted PCs, trusted senders in the inbox, full-session SSL encryption, and more. And at a broader level, Microsoft also continues to hunt down cyber-criminals and illegal botnets that generate billions of spam messages daily, and shut them down.
Most people know that banks and credit card companies monitor usage patterns for suspicious activity -- and many people have had their financial institutions briefly suspend their accounts and contact them to double-check account activity and ensure the rightful owner is still in charge.
At Hotmail, we also monitor for strange activity (like sending a lot of email that is reported as spam) and contact our customers if we see issues. And in our network of over 1 billion email accounts, unfortunately, a few customers run into this problem every day.
If this happens to you, here’s how you’ll know.
If you do find out that your account has been compromised, don’t worry. We’ll fix it. Below is a video showing the account recovery wizard and then another demonstrating how you can add proofs to your account to help prevent this in the future.
- The next time you sign in to Hotmail or one of our other websites, you will be asked to complete a few simple steps to verify your identity, change your password (as a precaution), and then double check all of your information to ensure that nobody else has changed anything without your knowledge. We call this the account recovery wizard, and in addition to verifying that you are you, we also encourage you to add extra pieces of information to your account to make it even more secure (we call these “proofs”). Adding a mobile phone number, alternate email, or trusted PC makes it harder for criminals to access your account and easier for you to recover if they do.
- If you access Hotmail using a program like Outlook, Windows Live Mail, or software on your mobile phone, you will see an error (usually that there is a problem with your username or password). You will need to log in online at www.hotmail.com to see if your account has a problem and access the account recovery wizard. If you see your inbox, then you weren’t compromised and can continue as normal.
Most people should be able to recover their account in just a few minutes by answering a few questions or using their alternative email address or mobile phone. If you run into issues, we do have support agents online to help at https://www.windowslivehelp.com/PasswordReset.aspx. But it’s usually only a few minutes to recover your account yourself – so try that first before asking support to help.
Most often, the source of the compromise is a virus or malware that record keystrokes to steal passwords. Keep in mind that even if your PC is safe, your friend’s PC (or that PC at the hotel on a business trip) may not be.
The good news is that you can protect yourself! Be sure to update your virus software on your PCs (you can download free antivirus software at the Microsoft Security Essentials website), and when you use a PC that isn’t yours, consider logging in with a one-time code. For additional steps you should take to secure your account, please follow these steps from the Windows Live Hotmail Help Center.
When it comes to account security, Hotmail—and Microsoft—are dedicated to doing all we can to help protect your Hotmail account from thieves. While it’s fun and exciting to develop and launch new features that people on Hotmail love—like our integration with Office or Sweep—our number one priority is the security of your account.
Stay safe.
Eric Doerr
Group Program Manager, Windows Live ID
More...