Author Topic: Email hacked?  (Read 2697 times)

0 Members and 1 Guest are viewing this topic.

Offline mikep

  • Sr. Member
  • ****
  • Posts: 333
  • Karma: 1
  • Gender: Male
  • Me again!
    • View Profile
    • Awards
Email hacked?
« on: February 18, 2019, 09:35:36 pm »
Just been locked out of my outlook.com account because of 'unusual activity'.

Having got back in, I found the following.

Time (GMT)                                  Session Type                                                Approximate location
 12/02/2019 19:58                        Automatic Sync                                             United Kingdom

ProtocolIMAP                              Time12/02/2019 19:58
IP: 92.40.249.198                        Approximate location: United Kingdom

Account alias:                              Type: Unusual activity detected
xxxxxxxx@outlook.com


Trouble is, how do I tell whether it was my phone trying to sync with outlook, or someone else up to no good? An IP lookup suggests that 92.40.249.198  is in Brighton, Barking or Cardiff, whereas I'm in Norfolk and my ISP is in Scotland, so it looks suspect to my eagle eye.

Also, it appears I sent two messages both to recipients I don't know, but with a subject line referring to a social group I do know. That suggests to me that maybe one of that group got hacked and was used to send fake messages, including to me. Does that sound credible?

Finally, my phone stopped syncing with my outlook account. I haven't set it up again yet because I'm not confident about what's going on.

Of all the things I've lost, I miss my mind the most...

Online Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18268
  • Karma: 477
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: Email hacked?
« Reply #1 on: February 20, 2019, 01:41:53 pm »
Quote
Trouble is, how do I tell whether it was my phone trying to sync with outlook, or someone else up to no good? An IP lookup suggests that 92.40.249.198  is in Brighton, Barking or Cardiff, whereas I'm in Norfolk and my ISP is in Scotland, so it looks suspect to my eagle eye.

IP based geolocation doesn't necessarily mean much from a phone I'm afraid.
(in fact it's not that accurate on a landline)

About all you're going to know for sure is that IP is registered to:-

netname:        H3GUK (Three)
descr:          Mobile Broadband Service


and the time of the connection.

I mean Three could theoretically tell you which phone/tower was the point of origin (and probably the users contacts, current/past location, browsing history, etc.) .. but I wouldn't hold your breath unless you're the security services.
« Last Edit: February 20, 2019, 01:48:42 pm by Mark Greaves (PCNetSpec) »
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline mikep

  • Sr. Member
  • ****
  • Posts: 333
  • Karma: 1
  • Gender: Male
  • Me again!
    • View Profile
    • Awards
Re: Email hacked?
« Reply #2 on: February 21, 2019, 01:00:42 am »
Thanks Mark,

So what would you do in these circumstances? I changed my password, and have noticed no further suspect activity so far..

Also, any thoughts on what happened? Phone hack, computer hack, 3rd party computer hack, browser hack? I'd appreciate your opinion...

M
Of all the things I've lost, I miss my mind the most...

Online Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18268
  • Karma: 477
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: Email hacked?
« Reply #3 on: February 21, 2019, 01:28:59 pm »
Does outlook offer two factor authentication ?

any thoughts on what happened? Phone hack, computer hack, 3rd party computer hack, browser hack? I'd appreciate your opinion...

There may not have been a hack in the first place .. are you sure it wasn't you that connected, and the IP geolocation wasn't just incorrect so triggered the warning ?
« Last Edit: February 21, 2019, 01:31:24 pm by Mark Greaves (PCNetSpec) »
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline mikep

  • Sr. Member
  • ****
  • Posts: 333
  • Karma: 1
  • Gender: Male
  • Me again!
    • View Profile
    • Awards
Re: Email hacked?
« Reply #4 on: February 21, 2019, 06:31:05 pm »
I can't be sure it wasn't my phone trying to sync, but I can't be sure it was.

But it baffles me why the IP lookup suggests three possible locations hundreds of miles apart, and why my phone suddenly stopped syncing with outlook. And Microsoft seems to think something suspect was happening...

I think outlook does offer two factor authentication. Will look into it, although I don't really like giving MS my phone number. Mind you, Google has it by default. How much worse could it get?
Of all the things I've lost, I miss my mind the most...

Offline Rich J

  • Sr. Member
  • ****
  • Posts: 486
  • Karma: 4
  • Gender: Male
  • Still a Linux Luvvie!
    • View Profile
    • Awards
Re: Email hacked?
« Reply #5 on: February 21, 2019, 08:27:35 pm »
Mike, you can check here to see if your email account has been hacked - the site has good reviews and I've had no issue using it but please check it out thoroughly and satisfy yourself first.  ;)

https://haveibeenpwned.com/

I started to get a lot of spam emails after I'd registered on an American music equipment site - I'm pretty sure they'd been hacked as all my spam originates from the States.  I have a Gmail address and Google are pretty good in weeding out spam messages so it isn't too much of a nuisance but I know it can be a concern when it happens.

They also have a good password checker too - I changed all of mine after I'd used the site - needless to say I don't use any sensitive ones (banking etc) for general use.

Hope this helps

Rich


Offline mikep

  • Sr. Member
  • ****
  • Posts: 333
  • Karma: 1
  • Gender: Male
  • Me again!
    • View Profile
    • Awards
Re: Email hacked?
« Reply #6 on: February 22, 2019, 11:00:37 pm »
Thanks Rich,

I've tried the site and it says I'm ok as far as data breaches are concerned, which is good. But it doesn't prove that neither I nor any of my contacts haven't been targeted by malware.

The real worry is that my account sent two emails to recipients I don't know, but with a subject line referring to a social group I do know, suggesting that some piece of malware is using address books to spread itself. More worrying is that those 2 emails were sent despite the fact that I'm running linux, so presumably it's a browser-hack. Hopefully any payload contained in an email is sitting on my computer looking in vain for Windows files, but I don't like to think that such payloads can be transmitted from my computer to my contacts, who probably ARE running Windows/playing russian roulette (delete as appropriate).

M
Of all the things I've lost, I miss my mind the most...

Offline SeZo

  • Hero Member
  • *****
  • Posts: 1832
  • Karma: 142
  • Gender: Male
    • View Profile
    • Awards
Re: Email hacked?
« Reply #7 on: February 23, 2019, 08:10:53 am »
Have you considered that the breach might have occurred at Microsoft?

Sometime ago my daughter had an email address with outlook.com
Her account was breached, then MS locked her out.
After a long wrangling they admitted that it happened at their end.
She never used them again

Online Mark Greaves (PCNetSpec)

  • Administrator
  • Hero Member
  • *****
  • Posts: 18268
  • Karma: 477
  • Gender: Male
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
    • Awards
Re: Email hacked?
« Reply #8 on: February 23, 2019, 05:14:48 pm »
If you think it may be a browser hack, why not just delete the browser profile (giving you a clean browser) .. THEN reset the password on the email account ?

But is your Linux PC the only PC you use to access your email ? .. and if it's webmail, anyone that could log in would have access to the contacts wouldn't they ?

I should add I'm still not convinced there was a breach in the first place .. I often get messages from Google saying "an unknown PC was used to access my account" and it was me.

And a friend of mine who uses Opera's built in proxy is forever getting locked out of his Google accounts.
« Last Edit: February 23, 2019, 05:17:48 pm by Mark Greaves (PCNetSpec) »
WARNING: You are logged into reality as 'root'
logging in as 'insane' is the only safe option.
pcnetspec.co.uk

Offline mikep

  • Sr. Member
  • ****
  • Posts: 333
  • Karma: 1
  • Gender: Male
  • Me again!
    • View Profile
    • Awards
Re: Email hacked?
« Reply #9 on: February 28, 2019, 08:19:12 pm »
Thanks Mark,

I only access my email account from my linux PC or via my android phone. I suspect android - and, in fact, everything google. My next phone will be an iphone.

The two outgoing emails I definitely did not send must represent some sort of breach though, whether a browser hack or a virus in an incoming email.

There doesn't seem to have been any other suspect activity since I changed my password though. I'm keeping a careful eye on it. I still haven't reconnected my phone to the account (the fact that it got disconnected in the first place also seems to suggest a problem)...

Thanks SeZo,

Sounds perfectly plausible. There lies the problem. Who do we trust? Would a non-web mail be more secure? Haven't had one of them for years..
« Last Edit: March 01, 2019, 12:56:41 am by mikep »
Of all the things I've lost, I miss my mind the most...

 


SimplePortal 2.3.3 © 2008-2010, SimplePortal