When someone’s email account gets hacked, it’s usually the friends who find this out first, unless the hacker has completely booted the owner out of his inbox by changing the password. This is because friends are the ones who start receiving spam mails or plea for money. When this happens, what one normally does is call their friend or contact them on an alternate email address to let them know that their email account has been compromised. Now Microsoft has introduced a new system that allows friends to report hacked accounts to Hotmail directly.
When you get a spam message supposedly from your friend, you just click on the “Mark as” button and from the drop-down menu select “My friend’s been hacked!”. When you do that, an alert will be send to Microsoft.
When you report that your friend’s account has been compromised, Hotmail’s compromise detection system will take that report and combine it with the other signals to determine if the account in question has in fact been hijacked. Microsoft says that reports from friends will be considered as one of the strongest “signals” by the detection engine.
Once an account has been mark as compromised, Hotmail will respond by blocking the spammer from using the account. When the account’s real owner attempts to access their account, they’ll be put through an account recovery process that’ll help them take back control of the account.
Microsoft doesn’t make it clear how they’ll identify the spammer from the real owner since both seems to have access to the same account, presumably, using the same password. I’m curious.
The best part is, the hacked account reporting will work across other email providers like Yahoo! and Gmail. So if you are using Hotmail, but your friend’s account at Gmail is hacked you can use the same reporting feature and Hotmail will forward these reports to Google to enable their own systems to recover the hacked account. Splendid.
To strengthen Hotmail’s security, they will also start banning common passwords such as 12345678 and ilovecats. Users will no longer be able to use them. Hotmail users who currently use a weak and common password will be prompted to change it.
You know what I bet they'll do to identify the hacker? Gmail notifies you when your account has been accessed from an irregular IP address, so Hotmail will probably look through to see the messages that have been sent from a different IP address, and use that to ban the hacker.
That's possible. But what if both the hacker and the owner are from the same region or country?