1

Someone has definitely gained access to two of my alternate emails. I know this by looking at the login activity. By looking at the email logs I discovered that the IP that is always gaining entry to my email is not my own.

I haven't changed my passwords yet because I'd like to somehow figure out who is doing this. What should/could I do about this?

Calisto
  • 1
    It's not my college email, it's two of my hotmail emails. – Calisto Jan 15 '16 at 05:49
  • 2
    Touching your personal accounts is illegal. Your college email account belongs to them, though. I'd get the authorities on the ball, personally. – Mark Buffalo Jan 15 '16 at 05:50
  • 4
    "I haven't changed my passwords yet" - NB. *"You are responsible for all activity that occurs under your Microsoft account"* - [Hotmail.com Terms of Use](https://www.microsoft.com/en-gb/servicesagreement/) – TessellatingHeckler Jan 15 '16 at 08:01
  • Related: [How can an email account be compromised](http://security.stackexchange.com/a/30699/32746). – WhiteWinterWolf Apr 27 '16 at 09:12

4 Answers

8

TL;DR:

  • Change your passwords
  • Enable two-factor authentication to prevent attackers from changing your password
  • Warn your sysadmin

You should change your passwords ASAP. From a machine that you trust.

What good is it going to do that the attacker can still log in too? What if they find a way to change the password, too?
Any suspicious activity should already be logged, so go to your sysadmin and/or Hotmail, and let them do the detective work.

As was pointed out in the comments, you will be held responsible by Hotmail for activity on your account. So don't let someone else impersonate you.

Don't jump to conclusions about who the attacker is. It may just as well be someone from outside your campus, who managed to gain remote access on some of the computers there, and installed a keylogger.

The possibility of a keylogger is why you should change your password from a machine that you trust. You may want to run your AV software on that machine before changing passwords.
As was pointed out in other answers - enable two-factor authentication while you're at it, if you haven't already. This will make it difficult for an attacker to change your password in the future.

Also, you should contact the authorities in question - notably the local sysadmin. Unless you have a good reason to suspect the sysadmin, they are the one to go to - security on the local network is their responsibility. If something fishy is going on on the network, they should be warned ASAP. They'll want and need to know.

S.L. Barth
  • 1
    I would also add "Warn your personal contacts" (whether by email, blog, etc.). An attacker may use the victim's address book to impersonate him (using a third-party, specially created email address) and initiate scam attempts. – WhiteWinterWolf Apr 27 '16 at 08:56
4

First of all, I would change my password.

Secondly, if at all possible, turn on two-factor authentication of some kind, so that you will be able to reset your password if someone should get access again, and actually change your password (is this possible with Hotmail? I know Gmail supports it). You definitely don't want to be locked out of your own account!

Thirdly, I'd try to scan the accessed accounts for any important personal information that someone could have read. If there are emails that contain information about other accounts for instance, you will definitely want to change the passwords to those too. You should also check if any emails have been sent from your account, or if there is anything suspicious in the deleted folder, just in case (although it would be a little surprising if whoever accessed your account had done anything like that and not cleaned up after himself...).

Also, if you are using the same passwords for several different services, be sure to change all of them.

Finally, just a quick spur-of-the-moment idea:
Admittedly, this is not very likely to succeed, but if you really want to try to catch this guy, you could attempt a sort of reverse phishing attack against your own account: Send an email to yourself with a title like "Todo", and a link to some site you control. Read the mail so it will not appear as new / unread, but leave it at the top of your inbox. With any luck the person reading your mail will click the link out of curiosity.

If you set up a page at that URL which gathers as much info as possible about the user, perhaps you could get some useful info(1)? (IP address, OS, browser, possibly cookies, other things?). You could also make the site request location data. Silly additional idea: Perhaps make the page play a loud sound clip, just on the off chance that your account had been accessed from a computer in a public space at your college, where you or someone else might overhear it and catch the person red-handed?

(1) I'm assuming of course, that you don't want to actually try to break into the attacker's machine, or trick him into giving you his own e-mail and password, or do anything else that might be ethically questionable, although that should obviously be possible too.

Kjartan
  • 1
    Yes, it's possible. A friend of mine couldn't change his hotmail password because he'd changed phone numbers once.. – S.L. Barth Jan 15 '16 at 14:44
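
The bait-link idea in the answer above is what defenders usually call a canary token. The sketch below is an added example, not part of the original answer: it logs only what the web server passively sees (peer IP, User-Agent, language, referrer) when an unguessable path is requested. The port, the log file name and the helper `build_hit` are assumptions made for illustration.

```python
import json
import secrets
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

# Unguessable path that appears only in the bait e-mail, so a request for it
# means someone (or some automated scanner) opened a link from that mailbox.
TOKEN = secrets.token_urlsafe(16)
LOG_FILE = "canary_hits.jsonl"  # hypothetical log location


def build_hit(path, client_ip, headers, token=TOKEN):
    """Return a log record if the request targets the canary path, else None."""
    if path.split("?", 1)[0].strip("/") != token:
        return None
    fwd = headers.get("X-Forwarded-For", "")
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "peer_ip": client_ip,
        # Only meaningful behind a reverse proxy you run; clients can forge it.
        "forwarded_for": [p.strip() for p in fwd.split(",") if p.strip()],
        "user_agent": headers.get("User-Agent", ""),
        "accept_language": headers.get("Accept-Language", ""),
        "referer": headers.get("Referer", ""),
    }


class CanaryHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        hit = build_hit(self.path, self.client_address[0], self.headers)
        if hit is not None:
            with open(LOG_FILE, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(hit) + "\n")
        # Same bland response for every path, so the page reveals nothing.
        body = b"Not found\n"
        self.send_response(404)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep stderr quiet; hits go to LOG_FILE only


if __name__ == "__main__":
    print(f"Put this path in the bait mail: /{TOKEN}")
    HTTPServer(("0.0.0.0", 8080), CanaryHandler).serve_forever()
```

A logged hit is a lead, not proof: the address may belong to a VPN, proxy or shared machine, and automated link scanners can fetch the URL without any person clicking it. Hand the log to the provider or sysadmin together with the account's own login activity.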
1

It might not be an admin, networksec, or a teacher. What if someone hacked their login? It might be best to raise the issue with your school. Do they have anyone that manages the security of their systems? Perhaps ask for a meeting with them and your college principal to have the issue investigated.

1
  1. Change your passwords from a trusted machine to prevent further access.
  2. Check your local privacy laws if that amount of monitoring is even legal in your jurisdiction.
  3. File a complaint that the monitoring activity interferes with your work and that you have reason to suspect abuse. But do not accuse a specific person without any proof.
Philipp