Mark Berry September 28, 2010
In the last few weeks the personal accounts of at least four of my acquaintances have been hacked. As you may have experienced, when your friend’s account is hacked, you start getting emails that appear to be from them, but which actually contain some kind of spam.
How Did They Hack Me?
If email is coming from your account, most likely a hacker has gained access to your password. But how? They probably used one of two methods:
- They used a program to keep entering passwords until it got the right one. This is especially easy if your password appears in the dictionary as opposed to being a random string of characters.
- A virus on your system, or on a system where you accessed your account (e.g. in a coffee shop), was capturing keystrokes and trapped your password.
Of the two, the second carries the higher risk, since the same approach could also be used to gain access to your online shopping accounts, bank accounts, etc.
What to Do?
So you’ve been hacked. What should you do?
Create a Strong Password
If you’ve been hacked, the first thing is to change your password. Do it now, before Yahoo / Hotmail / Facebook disables your account for sending spam.
This Microsoft article explains how to create a strong password. They recommend fourteen characters. I’d say use at least eight characters. (You might want to beef that up for financial sites.) Be sure to include a mixture of uppercase and lowercase letters, numbers, and special characters. If you use a sentence, it’s actually pretty easy to remember.
“Wow, we had super-hot weather on September 27!” becomes W,whs-hwoS27!
“I’m looking forward 2 my vacation! We’re going to Belgium” becomes Ilf2mv!WgtB
Another good alternative is to use the PC Tools Random Password Generator. Tell it how long to make the password and you’ll get a string of random letters, numbers, and optionally special characters.
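The sentence trick and the random-generator approach described above, as an added Python example (not part of the original article and not PC Tools' code). The function names and the default length of 14 are assumptions chosen for illustration; the check encodes the advice above of at least eight characters with uppercase, lowercase, numbers, and special characters.

```python
import re
import secrets
import string

# A word is a run of letters, optionally with apostrophe contractions (I'm, We’re).
_WORD = re.compile(r"[A-Za-z]+(?:['’][A-Za-z]+)*")

def sentence_to_password(sentence):
    """Keep each word's first letter; keep digits and punctuation; drop spaces."""
    initials = _WORD.sub(lambda m: m.group(0)[0], sentence)
    return re.sub(r"\s+", "", initials)

def character_classes(password):
    """Report which of the four recommended character classes are present."""
    return {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }

def meets_recommendation(password, min_length=8):
    """True if the password has the minimum length and all four classes."""
    return len(password) >= min_length and all(character_classes(password).values())

def random_password(length=14, specials=True):
    """Random password from the OS CSPRNG with every selected class present."""
    pools = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if specials:
        pools.append(string.punctuation)
    if length < len(pools):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(pools)
    while True:  # redraw until each pool is represented (rejection sampling)
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in pool for c in candidate) for pool in pools):
            return candidate

if __name__ == "__main__":
    # The two sample sentences from the article above.
    for s in ("Wow, we had super-hot weather on September 27!",
              "I’m looking forward 2 my vacation! We’re going to Belgium"):
        pw = sentence_to_password(s)
        print(pw, meets_recommendation(pw))
    print(random_password(14))
```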
Windows Live ID Instructions
Update February 24, 2017: This Microsoft article explains what to do when you can’t sign in to your Microsoft account. That should cover sign-ins for Outlook.com, Hotmail, etc.
Check Your Security Questions
If your provider offers “security questions” on the account (“Who was your favorite teacher?” etc.), check to make sure the hacker didn’t change the answers. If they did, they will probably be able to re-hijack the account. In fact, if the provider shows the answers to the old questions in plain text, you should use different questions, because the hacker may know the answers to the original questions.
Check for Viruses
You should have an up-to-date antivirus program running on your computer at all times. For Windows, Microsoft Security Essentials is a good, free program for home use.
But new viruses can get past even the best antivirus programs. If you’ve been hacked, it’s important to scan your computer with a couple of other up-to-date scanners to see if they find issues that your primary program missed. Here are two good, free scanners for Windows:
- Malwarebytes www.malwarebytes.org (click Download Free Version)
- Sunbelt VIPRE Rescue live.sunbeltsoftware.com
If you do find a true virus (not just cookies), you should seriously consider changing the passwords on all your online accounts, especially banking and credit card sites, and shopping sites that have your credit card info.
Sometimes eliminating a virus is extremely difficult and time-consuming. That’s one reason MCB Systems recommends full backups of all machines—you can restore your system to a point before it was infected. Without the backup, you may have to reinstall Windows from scratch.