Hotmail Hijack #2

We've had some more feedback from people who have been affected by Hotmail hijackers. It seems that changing your Hotmail password should be effective — provided that you can prevent the hijackers re-acquiring your new password.

In addition to changing your password and making sure that any 'alternate email address' linked to your account is correct, you should also check:

  • Your vacation message
  • Your signature

and remove any text that the scammers have added there. You can update your signature and vacation message through the "Options" menu at the top right of the main Hotmail mail page. Choose "More Options" from the pull-down menu to get access to your account settings.

What isn't clear yet is how the scammers are capturing Hotmail passwords. One person who wrote to us is a Mac user. While malware for Macs does exist, it's very rare. This makes it less likely that passwords are being stolen by a dedicated password stealer installed on the user's machine. Nevertheless, if you're a PC user, you should still make sure that your anti-virus and system software are kept up-to-date.

Other possible ways for the scammers to acquire Hotmail passwords include simple phishing attacks, cross-site scripting, or setting up a site to exploit the password anti-pattern. More elaborate schemes — DNS corruption, fake wireless access points, packet-sniffing — are a possibility, but seem unlikely.

Observing basic security rules should go a long way to protecting you against most of the simpler attacks. You should never click a link, on the web or in an email, that claims to take you to Hotmail. Either enter the URL manually, or use a stored bookmark that you have created. Make a practice of checking the address line in your web browser to be sure that you're really connected to Hotmail and not some other site that just looks like it. Never enter your Hotmail password on a third-party site for any reason.
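The address-line check described above can be made concrete. This is an added example, not part of the original post: it shows which part of a URL is the host actually being contacted. The allowlist of hostnames and the sample URLs (on reserved example domains) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hostnames accepted as the real site.
TRUSTED_HOSTS = {"hotmail.com", "www.hotmail.com"}


def classify(url):
    """Return (host actually contacted, verdict) for a URL."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and ":port" suffix and lowercases.
    host = (parts.hostname or "").rstrip(".")
    if host in TRUSTED_HOSTS:
        return host, "trusted"
    # Text before "@" is a login name, not the site being contacted.
    if (parts.username or "").lower() in TRUSTED_HOSTS:
        return host, "trusted name used as userinfo"
    # The owning domain is at the right-hand end of the hostname, so a
    # trusted name followed by more labels belongs to someone else.
    if any("." + t + "." in "." + host for t in TRUSTED_HOSTS):
        return host, "trusted name used as subdomain"
    rest = (parts.path + "?" + parts.query).lower()
    if any(t in rest for t in TRUSTED_HOSTS):
        return host, "trusted name only in path or query"
    return host, "not on the allowlist"


# Constructed sample URLs: one genuine form, then addresses that merely
# contain the trusted name somewhere other than the real host position.
SAMPLES = [
    "HTTPS://WWW.HOTMAIL.COM:443/mail",
    "http://www.hotmail.com@login.example.net/",
    "http://mail.hotmail.com.example.net/login",
    "http://example.net/www.hotmail.com/login",
    "http://hotmai1.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host, verdict = classify(url)
        print(f"{url}\n    connects to: {host}  ->  {verdict}")
```

Only the first sample resolves to an allowlisted host; in every other case the familiar name appears in the address but the connection goes elsewhere.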
