Email hacked?

Just been locked out of my outlook.com account because of ‘unusual activity’.

Having got back in, I found the following.

Time (GMT): 12/02/2019 19:58
Session type: Automatic Sync
Approximate location: United Kingdom

Protocol: IMAP
Time: 12/02/2019 19:58
IP: 92.40.249.198
Approximate location: United Kingdom
Account alias: xxxxxxxx@outlook.com
Type: Unusual activity detected

Trouble is, how do I tell whether it was my phone trying to sync with outlook, or someone else up to no good? An IP lookup suggests that 92.40.249.198 is in Brighton, Barking or Cardiff, whereas I’m in Norfolk and my ISP is in Scotland, so it looks suspect to my eagle eye.

Also, it appears I sent two messages both to recipients I don’t know, but with a subject line referring to a social group I do know. That suggests to me that maybe one of that group got hacked and was used to send fake messages, including to me. Does that sound credible?

Finally, my phone stopped syncing with my outlook account. I haven’t set it up again yet because I’m not confident about what’s going on.

Trouble is, how do I tell whether it was my phone trying to sync with outlook, or someone else up to no good? An IP lookup suggests that 92.40.249.198 is in Brighton, Barking or Cardiff, whereas I'm in Norfolk and my ISP is in Scotland, so it looks suspect to my eagle eye.

IP based geolocation doesn’t necessarily mean much from a phone I’m afraid.
(in fact it’s not that accurate on a landline)

About all you’re going to know for sure is that IP is registered to:-

netname: H3GUK (Three)
descr: Mobile Broadband Service

and the time of the connection.

I mean Three could theoretically tell you which phone/tower was the point of origin (and probably the user’s contacts, current/past location, browsing history, etc.) … but I wouldn’t hold your breath unless you’re the security services.
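The check described in the reply above, as an added example (not code from the thread): read the registrant out of a whois reply and compare it with the networks your own devices use, rather than trusting the geolocated city. The sample text is constructed around the two whois fields quoted above; `my_networks` and the function names are assumptions.

```python
import re

# Constructed sample: a trimmed RIPE-style whois reply. Only the netname and
# descr values come from the thread; the comment line and layout are made up.
SAMPLE_WHOIS = """\
% constructed sample, not a live query result
netname:        H3GUK
descr:          Mobile Broadband Service
"""

# Words in a descr field that suggest a cellular network, where (as the reply
# says) IP geolocation tells you little about where the device really was.
MOBILE_HINTS = re.compile(r"\b(mobile|cellular|lte|gprs)\b", re.I)


def parse_rpsl(text):
    """Parse 'key: value' whois lines into {key: [values]}; skip % and # comments."""
    record, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#":
            continue
        if line[0] in " \t+" and last:  # continuation of the previous attribute
            record[last][-1] += " " + line[1:].strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        last = key.strip().lower()
        record.setdefault(last, []).append(value.strip())
    return record


def triage_sign_in(whois_text, my_networks):
    """Compare the registrant of a sign-in IP with the owner's own networks.

    my_networks: netnames of the owner's ISP and phone carrier (assumed known,
    for example from a whois lookup of their own current public IP).
    """
    rec = parse_rpsl(whois_text)
    netname = (rec.get("netname") or ["?"])[0].upper()
    descr = " ".join(rec.get("descr", []))
    return {
        "netname": netname,
        "mobile_network": bool(MOBILE_HINTS.search(descr)),
        "matches_own_network": netname in {n.upper() for n in my_networks},
    }
```

A match on netname only says the sign-in came from the same carrier, not the same handset; a mismatch on a network none of your devices use is the stronger signal.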

Thanks Mark,

So what would you do in these circumstances? I changed my password, and have noticed no further suspect activity so far…

Also, any thoughts on what happened? Phone hack, computer hack, 3rd party computer hack, browser hack? I’d appreciate your opinion…

M

Does outlook offer two factor authentication?

There may not have been a hack in the first place … are you sure it wasn’t you that connected, and the IP geolocation wasn’t just incorrect so triggered the warning?

I can’t be sure it wasn’t my phone trying to sync, but I can’t be sure it was.

But it baffles me why the IP lookup suggests three possible locations hundreds of miles apart, and why my phone suddenly stopped syncing with outlook. And Microsoft seems to think something suspect was happening…

I think outlook does offer two factor authentication. Will look into it, although I don’t really like giving MS my phone number. Mind you, Google has it by default. How much worse could it get?

Mike, you can check here to see if your email account has been hacked - the site has good reviews and I’ve had no issue using it but please check it out thoroughly and satisfy yourself first. :wink:

I started to get a lot of spam emails after I’d registered on an American music equipment site - I’m pretty sure they’d been hacked as all my spam originates from the States. I have a Gmail address and Google are pretty good in weeding out spam messages so it isn’t too much of a nuisance but I know it can be a concern when it happens.

They also have a good password checker too - I changed all of mine after I’d used the site - needless to say I don’t use any sensitive ones (banking etc) for general use.

Hope this helps

Rich

Thanks Rich,

I’ve tried the site and it says I’m ok as far as data breaches are concerned, which is good. But it doesn’t prove that neither I nor any of my contacts haven’t been targeted by malware.

The real worry is that my account sent two emails to recipients I don’t know, but with a subject line referring to a social group I do know, suggesting that some piece of malware is using address books to spread itself. More worrying is that those 2 emails were sent despite the fact that I’m running Linux, so presumably it’s a browser hack. Hopefully any payload contained in an email is sitting on my computer looking in vain for Windows files, but I don’t like to think that such payloads can be transmitted from my computer to my contacts, who probably ARE running Windows/playing Russian roulette (delete as appropriate).

M

Have you considered that the breach might have occurred at Microsoft?

Some time ago my daughter had an email address with outlook.com.
Her account was breached, then MS locked her out.
After a long wrangling they admitted that it happened at their end.
She never used them again.

If you think it may be a browser hack, why not just delete the browser profile (giving you a clean browser) … THEN reset the password on the email account?

But is your Linux PC the only PC you use to access your email? … and if it’s webmail, anyone that could log in would have access to the contacts wouldn’t they?

I should add I’m still not convinced there was a breach in the first place … I often get messages from Google saying “an unknown PC was used to access my account” and it was me.

And a friend of mine who uses Opera’s built-in proxy is forever getting locked out of his Google accounts.

Thanks Mark,

I only access my email account from my Linux PC or via my Android phone. I suspect Android - and, in fact, everything Google. My next phone will be an iPhone.

The two outgoing emails I definitely did not send must represent some sort of breach though, whether a browser hack or a virus in an incoming email.

There doesn’t seem to have been any other suspect activity since I changed my password though. I’m keeping a careful eye on it. I still haven’t reconnected my phone to the account (the fact that it got disconnected in the first place also seems to suggest a problem)…

Thanks SeZo,

Sounds perfectly plausible. There lies the problem. Who do we trust? Would a non-web mail be more secure? Haven’t had one of them for years…