EMail Hijack, - What's the Procedure?

  thegreypanther 12:29 22 Mar 2012

A friend of mine has had his email account hijacked.

Everyone in his address book seems to be the recipient of the message that says that they are in Spain, have been robbed, their flight home returns in five hours etc. etc.

Can anybody please advise me as to what has to be done now. Is there a procedure? Is a new email account required? Grateful for all hints / tips.

  lotvic 14:49 22 Mar 2012

Who does he have the email account with? or or who?

Webmail only or on his pc?

Can he still login to that account? (have they changed his password so he can't login?)

Can he still send and receive?

If he can still login to his account on the WebMail Server then he first needs to look at his details and check the alternative email address he has set to send password changes to. No good him changing his password if it is sent to someone else. Also need to check if they have set to have a copy of all emails forwarded to them.

  thegreypanther 15:25 22 Mar 2012


My pal (and this IS on behalf of my pal, and not me) has an account with BT. From what I can make out his email account has been completely taken over, as a result of him disclosing his password.

To try and recover things, I have showed him a web page, which seems to give some advice to go on.

Looks like this is a horribly serious business. Maybe at some point an article in PC Advisor wouldn't go amiss, - unless there is one already.

  northumbria61 16:11 22 Mar 2012

Take a look through Leo's Answers here enter link description here

  northumbria61 16:13 22 Mar 2012

Type in Email Account Hijacked - enter link description here

  lotvic 17:00 22 Mar 2012

Yes it can be very serious if they get hold of bank details etc. If he thinks this is possible then he should telephone his bank and Credit card and warn them. They will arrange to telephone him to check any transactions which will stop any worry that his accounts will be emptied. They will also give advice on what to do.

Is BT his ISP? and the email account his main one?

Does he have any other email accounts at all?

Does he think his computer is compromised at all? Hope he has done scans for malware/spyware etc. If in any doubt then he should not connect to internet until he is sure pc is clean.

How did he disclose his password, did he click on a link in a phishing email that said he needed to 'update' (or something like that) his details?

Tell him not to panic (too much) he needs to think logically and get a full picture of the situation in order to start sorting it out.

If he can telephone the people in his contacts to tell them not to respond in any way to the scam emails and not to email him on that address then that is a start.

Can he still login to that account on BT's WebServer?

  lotvic 17:08 22 Mar 2012
  thegreypanther 19:05 22 Mar 2012


Many thanks for your help.

My pal received an email apparently from BT which told him that his BT email account was being updated, and if he sent them his password.... Yes, I know, - sounds too awful to be true. But there are still loads of internet users out there who are not as computer savvy / security savvy as they need to be.

He uses Norton Security and that didn't flag up a problem. I downloaded Anti-Malwarebytes onto his PC, and a quick scan showed no problem.

I have given him a check list based on "things to do" in To start with;-

Contact BT - Set up New Emails - Advise everybody in his address book - etc.

I will keep an eye on him as he works his way through this. What horrifies me is that it's not THAT difficult to be in the same boat as him.

  lotvic 19:17 22 Mar 2012

Oh boy, seems it is all too easy to fall for it.

Keep us informed of progress and steps taken, apart from being interested in getting it sorted, knowing how helps others that have got the same problem.

  thegreypanther 11:27 23 Mar 2012


My pal seems to have sorted things after a lengthy phone call with BT.

The nub of the solution, in his case, seems to be that his BT email address rides in tandem with a Yahoo email address. The BT address is merely a "front" for the Yahoo email address.

So BT have changed the settings of the corresponding Yahoo email, releasing the original BT email address so that it can continue to be used as before.

I don't understand it, though BT seem to be only too aware of the scam and how to deal with it.

Hopefully not too much damage has been done. But sooner rather than later I'm going to be doing a lot of password changing on my own PC, and not respond to someone requesting me to do so!

  lotvic 12:28 23 Mar 2012

Golden Rule of Thumb is guard your passwords same as you do your Bank Cards PIN's - never divulge to anyone - when anyone asks you to do so it means it is a scam.

That's good that BT have dealt with it so promptly and sorted it out.

You might find this interesting, it shows/tells you how to trace an email back to original sender if you scroll down to just below the middle of page to the section titled Tips that the offer was not on the up-and-up

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

Converse draws on iconic heritage for a fresh brand identity

Mac power user tips and hidden tricks

Comment lancer Windows 10 en mode sans ├ęchec ?