Microsoft on Monday said that they started to improve the email service Hotmail with security updates to protect legit user accounts from being hijacked.
The term hijacker refers to malicious users who manage to get access to email accounts of Hotmail users, either by brute force, phishing or other forms of social engineering.
Like Microsoft, Hotmail users need to understand security concepts to keep their accounts safe. To support their users, Microsoft has created a short list of tips to protect the account. The list includes the following security tips:
Microsoft has identified a shift in the strategy of hijackers, who in the past used newly created accounts for spamming purposes. Better recognition cut down on the effectiveness of those methods, which is why hijackers have started to target legit email accounts as well.
With today’s release, we are taking a step forward by detecting compromised email accounts, those co-owned by the legitimate user and the hijacker. We detect them with high confidence using heuristics based on login and account activity, and stop the abuse by locking the hijacker out and closing back doors they may have set up, like using vacation auto reply messages to send spam. At the same time, we begin working with the rightful owner to reclaim the account, recognizing the urgency of the issue.
Hotmail is now able to detect accounts that have been hijacked, and makes use of automatic routines to lock the hijacker out of the account, and work with the account owner to restore the account. Up until now, account owners were able to use an alternative email address that they setup or the answer to a security question to restore an account. From today on, two additional proofs are available for account recovery:
“Trusted PC” is a unique new proof that lets you link your Hotmail account with one or more of your personal computers. Then, if you ever need to regain control of your account by resetting your password, you simply need to be using your computer and we will know you are the legitimate owner.
The second new proof option is your cell phone number, where Hotmail will send a secret code via SMS that can be used to reset your password and reclaim your account.
Both new proofs can be configured in the Account overview window. To avoid the changing of those proofs by hijackers, changes to them users now need to access one existing proof to do so. A hijacker therefor would need access to the security answer, secondary email account, mobile phone or trusted PC to change the proofs.
Email providers like Hotmail do good to improve the security of their services, considering that they really missed out on those improvements over the past years.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.