Hotmail fights back against hacked email accounts

Microsoft has announced a new feature for Hotmail users that should help in the fight against email fraudsters and spammers.

It wouldn’t surprise me if many of us haven’t received an email which appears to come from a friend, but actually contains a bogus cry for help claiming they are stranded in a foreign country or a spammy advert.

Often in these cases your friend’s email account has been compromised because they chose a weak password, or had been using the same password in multiple places – only to have one of them phished, or were careless with their computer security.

One famous example of this happening occurred two years ago, when the Hotmail account of UK politician Jack Straw (who was the country’s Justice Secretary at the time) sent out hundreds of emails attempting to defraud his contacts.


Hotmail’s new feature is designed to make it quicker and easier for control of the hacked email accounts to be returned to their rightful owners.

Recipients of emails from clearly compromised accounts can now report them directly to Hotmail, as a new “My friend’s been hacked!” reporting option has been added under the “Mark as” menu.

In addition, accounts can also be reported as compromised if you mark a message you have received as junk.

If you make use of these options, you’re giving Hotmail a heads-up that the account could have been compromised and they can use the warning (and other signals they pick up from the account’s behaviour) to determine if they need to stop the account from being abused, and begin the process of returning control of the account to its rightful owner.

What’s especially warming about this initiative is that it’s not just a Hotmail to Hotmail thing.

Dick Craddock, the Microsoft Group Program Manager responsible for Hotmail, says that Hotmail is also sharing these notifications with Gmail and Yahoo, which means that you could still be helping a hacked friend even if they don’t also use Hotmail.

Let’s hope we see other web email providers follow Hotmail’s lead and offer similar ways for their own users to report possible account compromises. After all, minutes matter if your email account has been breached – the longer an account is under the control of malicious hackers, the more harm that can be done.

Hotmail says it has only had the functionality enabled for a few weeks, and it has already helped it identify and recover thousands of hacked accounts.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
