hotmail address hijacked - help

[ChrisPr]

Best beloved son has asked the following, in the mistaken belief that I might know the answer. My best response is seek help here :-)

My e-mail address (hotmail) has been hijacked. It hasn’t been hacked, but it’s being used as the return address for some US tax scam, so I’ve had hundreds (literally) of e-mails from companies today returning to sender/address unknown, etc. The problem is that I can’t block the senders because they’re all different. BullGuard picks it up as spam, but some are starting to get through to my inbox.

Do you or any of your techy friends know if I can do anything about this? I know I could change addresses, but a lot of clients know this address and I may lose business.

Thanks for any help.
Chris Prowse

[StuartR]

This is one of the worst situations to deal with. Because the spam emails are NOT really coming from your account there is nothing you can do about it.

Your options are:

• Wait for it to stop. The spammers usually move on to another victim after a few days or weeks.
• Create a new email account, notify all your contacts, stop using the old email account.

[HansV]

This is tough - it means that someone is sending e-mails from another computer with your son's e-mail address as sender or return address. Chances are that the e-mails are being sent from a country that isn't interested in fighting cybercrime, such as Russia or China; if that's the case, there is nothing he can do against it. It'll probably stop in a few days.

If the subject of these e-mails contains a fixed phrase, he could create a rule to move or delete the messages based on the subject.

[ChrisGreaves]

... My e-mail address (hotmail) has been hijacked.

I like to think that I'm the most paranoid, conservative regular poster here, so ...
I agree with the previous responses - nothing you (all/both) can do about what's out there.
Which leaves you with something to do with what's in here.
Cut your losses.

• Stop using that email address immediately.
• Use MSE or similar to do a thorough scan of the computer
• Back up the data (twice?) to an external drive.
• Reformat the computer drive(s) (I think that deleting/creating partitions is a good idea at this time)
• Reinstall Windows with MSE (or similar)
• Restore data.
• Open up a new email account from the clean machine.

I assume that you've had the heart-to-heart chat about the perils of downlaoding images and movies from those FREE second-hand bookstore sites, and the like ( )

[HansV]

Formatting the drive and reinstalling Windows is far too drastic in my opinion - it won't do anything to solve OR prevent the problem.

[ChrisGreaves]

Formatting the drive and reinstalling Windows is far too drastic in my opinion - it won't do anything to solve OR prevent the problem.

Well, drastic, yes, I agree.
I'm thinking that this is a computer system that has been compromised in some way and the owner doesn't know the extent of the compromise, so any part-way measures may leave worms unturned.
Rebuilding the machine is a guarantee that the machine is clean.
After that, we are back to "safe computing habits", education and eternal vigilance.

[HansV]

But I'm 99% certain that the computer has NOT been compromised. Someone else (probably in another country) has got hold of the e-mail address of ChrisPr's son and is using it to fake the sender or return address in e-mails sent from their computer (not from the computer of ChrisPr's son). Nothing ChrisPr's son does to his computer will make any difference to the sending of those e-mails...

[ChrisGreaves]

Someone else ... has got hold of the e-mail address of ChrisPr's son ...

I agree that this is probably what hashappened.
My suggestion, drastic as it is, ought to remove all traces of the old email or any potential threat from Chris's son's machine. We don't really know what else is on there. Probably Chris doesn't know, and his son almost certainly doesn't know, although I'm reluctant to go as high as 99% sure (grin!).

It ranks right up there with "If I could live my life all over again ...", I know, but sometimes spending 4(?) hours rebuilding the software from scratch is the only way to be 100% sure that the hardware/software is squeaky-clean.

I put a great deal more faith in education and MSE (or its equivalent, if any).

[StuartR]

I have had this happen to me in the past. It simply means that someone has decided to use your email address as the return address for their SPAM. There is no reason to suspect that your computer has been compromised and absolutely no reason to take drastic cleaning action.