Phishing Scams - What to do if you fall for one?

My elderly mother just fell for a phishing scam and basically lost her hotmail account to some jackass. She does online banking and such through this email and I'm concerned that if the bastards are clever they can really screw her over. I'm not exactly sure about what she should do to fix this whole mess, any advice? Hotmail and windows haven't been too helpful, as in order to change your password apparently you have to log into the account...which has a new password, courtesy of the phishers.

There should be an account recovery procedure available through Hotmail's customer service portal. Not being a user, I cannot immediately tell you what that is.

One might also attempt normal account recovery, via the "forgot your password" link; this normally requires an existing non-Hotmail email account or that you answer one or more security questions, if those were established at the time of account creation.

In the more general sense, having her Hotmail password compromised does not inherently compromise her other accounts, but it would if she used the same password for them as well (note: this is a very big no-no). It also gives the phishers access to emails from businesses she works with, which would greatly aid in any attempt to steal her identity.

What she needs to do:

• Initiate account recovery procedures with Hotmail, if such are available.
• Create a new backup email account - either use the one provided by her ISP if she has it, or Gmail or some other service.
• Contact any/all institutions/websites with which she does business through her Hotmail account. If her other logins aren't compromised, this is a simple matter of logging in as normal. Change the password on all these accounts. If possible, change the email on the account to the new address in the above step.
• If her logins to any of these business accounts are compromised, contact them immediately via their customer service portals to report the issue. Also contact the banks and credit bureaus to report a potential identity theft case and get a fraud alert issued for her accounts.
• Alert people on her contact list that her email was compromised and to disregard any emails sent from it after this occurred. Phishers love to use hacked accounts to send out "plea for money" scams and additional phishing emails. You may need to back her up from your email address if people know it's good.

^Thank you fighteer. I've already done most of that, but it is good to know I got her heading in the right direction.