Forum Index : Microcontroller and PC projects : Hacked email account - what to do?
Author | Message | ||||
Grogster | Admin Group | Joined: 31/12/2012 | Location: New Zealand | Posts: 9610 |
Outlook 365 account. Any attempt to change the password is circumvented by the hackers by changing it again. Attempts to verify via cellphone and change the password WORK, but then the hackers just change the password again at their end to lock me out again, so they can continue to send their crap and money grabbing bollocks to everyone on my contacts list.

Private email address, not my business one. But I have changed the P/W on my business email just to be sure.

Virus and SpyBot scans result in no infections that they are aware of on the system - no keyloggers found etc, but I suspect that is how they got control. Perhaps a new type of keylogger that SpyBot etc is not aware of? Anyone heard of anything like that recently?

As mentioned, I was able to change the password, but then the new password does not work 10 mins later, as they have obviously changed it again at their end.

At this point, I am looking to simply ask Microsoft to KILL the account, but I can't even do that, as the hackers keep changing the password, so there is nothing I can do to regain control using the normal channels and inform Microsoft of the issue.

As of tonight, MS have locked the account as there have been too many attempts to verify via phone (that'll be me), so their servers have obviously noted something odd going on with this account.

Suggestions? Is there perhaps a link I can go to to report this to Microsoft and ask them to kill the email account? I can verify that way via my cellphone or other methods. A way to actually TALK to Microsoft on the phone about this would be best rather than fighting through various automated emails.

Most contacts informed by phone of the situation, bank informed.

Smoke makes things work. When the smoke gets out, it stops! |
||||
Rado | Regular Member | Joined: 27/11/2020 | Location: Croatia | Posts: 59 |
Have you tried to change the password and immediately after turn on 2FA that points to some device of yours (a phone, for example)? |
||||
Grogster | Admin Group | Joined: 31/12/2012 | Location: New Zealand | Posts: 9610 |
No. How do you do that? Smoke makes things work. When the smoke gets out, it stops! |
||||
Rado | Regular Member | Joined: 27/11/2020 | Location: Croatia | Posts: 59 |
Also, the fact that the other side can change your password shortly after you've changed it would generally suggest two things:

- your own machine is compromised and monitored, so that third party can get the new information right after you make it;
- your cloud service has a malicious application attached to it that has permissions high enough to administer your account.

The first possibility is much more likely in this case. Try booting Linux from usb stick and then changing the password and turning on 2FA - that way, even if they somehow can try to change your password, without 2FA confirmation they will not be able to do so. |
||||
Grogster | Admin Group | Joined: 31/12/2012 | Location: New Zealand | Posts: 9610 |
Sounds great - I have many different Linux USB drives I can boot from, but HOW do I turn on 2FA? I don't even know what that is.... Smoke makes things work. When the smoke gets out, it stops! |
||||
thwill | Guru | Joined: 16/09/2019 | Location: United Kingdom | Posts: 4311 |
Two Factor Authentication

Basically in addition to prompting you for a password it will also send an SMS containing a code to your phone and prompt you to enter that code (into the login dialog) as well. Sounds annoying, it can be, but you can also switch 2FA off on selected devices so that logins from those only require passwords.

Many links on the web, this one looks adequate: https://support.microsoft.com/en-us/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4

Best wishes, Tom

MMBasic for Linux, Game*Mite, CMM2 Welcome Tape, Creaky old text adventures |
||||
Davo99 | Guru | Joined: 03/06/2019 | Location: Australia | Posts: 1584 |
I would try using a different machine to change the PW. I agree that they are probably monitoring somehow so if you use a different/ work/ Friends machine you may get around it. I have had some Viruses over the years and the rage, fury and savagery I could execute on the people responsible if I got my hands on them without a second's regret would otherwise be disturbing. |
||||
Grogster | Admin Group | Joined: 31/12/2012 | Location: New Zealand | Posts: 9610 |
Thanks for that chums. I hear that. Smoke makes things work. When the smoke gets out, it stops! |
||||
Gizmo | Admin Group | Joined: 05/06/2004 | Location: Australia | Posts: 5119 |
Yeah agree with Davo, try using another machine to log into the email account and change your password. It does sound as though your PC is compromised and watched. More common than people think, and can be difficult to track it down. Glenn The best time to plant a tree was twenty years ago, the second best time is right now. JAQ |
||||
robert.rozee | Guru | Joined: 31/12/2012 | Location: New Zealand | Posts: 2442 |
first log out ALL instances: https://www.eduhk.hk/ocio/content/faq-how-log-out-all-office-365-devices

then immediately log in again, change your password, then repeat the above step a second time.

then immediately log in again, turn on 2-step authentication, then repeat the first step again.

use the web-based interface (https://outlook.live.com/owa/ ) to do all the above. NOT outlook or any other email client running on the PC. and if possible, do it from a linux or osX machine.

cheers, rob :-) |
||||
Davo99 | Guru | Joined: 03/06/2019 | Location: Australia | Posts: 1584 |
I remember years ago a guy in IT proudly showing me a program his company had developed that tracked anyone that went to their website through a Cookie that was automatically placed and then placed targeted ads at that user. Seems this has become very run of the mill now and not hard to see how it could be corrupted for even more sinister use. Some time back I was searching for "Hardwood Flooring" and then got deluged with gay porn ads. |
||||
Turbo46 | Guru | Joined: 24/12/2017 | Location: Australia | Posts: 1642 |
Good point. Try clearing all cookies. Bill Keep safe. Live long and prosper. |
||||
Grogster | Admin Group | Joined: 31/12/2012 | Location: New Zealand | Posts: 9610 |
Thanks very much everyone. Still not fixed, but I now have some very good suggestions to use. I will use another laptop and boot from a Linux live USB and use the web-based method that Rob suggested.

I have several backup images of that machine via Macrium Reflect, but the problem is that now I am unsure if the image is compromised. Restoring the system from the backup image, might just re-enable the tracking etc. PERHAPS I will do a full clean-install, but that takes a lot of time, but it was the only way to do it before utilities like Macrium came along.

Then again, perhaps I could just move the laptop over to Linux - am seriously considering that, as all my recent moves to Linux have been happy ones.

Smoke makes things work. When the smoke gets out, it stops! |
||||
Mixtel90 | Guru | Joined: 05/10/2019 | Location: United Kingdom | Posts: 7937 |
Try changing your details from a different computer at different IP address - just in case. Even better, do it using a linux-on-a-stick like Puppy as well. It will all help to break whatever is watching you. Edited 2021-07-13 18:53 by Mixtel90 Mick Zilog Inside! nascom.info for Nascom & Gemini Preliminary MMBasic docs & my PCB designs |
||||
lizby | Guru | Joined: 17/05/2016 | Location: United States | Posts: 3378 |
All very good for fixing the problem with your PC, but all your email contacts may continue to receive spurious emails purporting to be from you, since the intruder probably harvested your contact list, and spoofing the email sender to be you is trivial. Dammmmed hijackers. PicoMite, Armmite F4, SensorKits, MMBasic Hardware, Games, etc. on fruitoftheshed |
||||
Rado | Regular Member | Joined: 27/11/2020 | Location: Croatia | Posts: 59 |
I would very eagerly suggest everyone to use 2FA for any account that has any importance to them. I use it, I know it's been a pain in certain parts of the body, but then again, it did save me once when attackers managed to force password reset somehow, but it could not be done without sending 2FA key to the server. (while I'm at it, there's a known scam going on when people impersonate a friend or service over the chat app and try to get the victim to send them 2FA key generated on their phone - NEVER send 2FA keys to anyone!) As for the laptop, you can't know for how long it has been compromised, so the clean reinstall is the only safe option (if we discount malware that can persist in UEFI or HDD firmware, that is - but this is not very likely to be the case). |
||||
Grogster | Admin Group | Joined: 31/12/2012 | Location: New Zealand | Posts: 9610 |
UPDATE: I have my account back!

I used a Puppy Linux USB flash drive, and went in and changed the password, then enabled the two-step thing. I also downloaded the Microsoft Authenticator app to my phone. That is actually quite cute. The webpage gave me a QR code on the screen, and I just scanned that with the phone app, and my account was linked to my phone, and I can now authenticate using that AND my password. That should keep that mother

What a fiasco.

I note the comments made that my contacts have probably already been harvested, but.....excrement occurs. I WILL clean-install the laptop. I will PROBABLY simply move it to Linux Mint. There is nothing on that laptop that absolutely HAS to have Windows on it.

Interestingly, I could not access the BIOS on the laptop. It is an HP laptop, and usually pressing F10 gets you into the BIOS, but not on this one. I've never tried to get into the BIOS on this particular machine before, so I have no idea if it was like that before, or if this is also somehow related. I get the prompt: "F10 - BIOS setup settings." in the lower-left corner of the screen, but then the BIOS never comes up - I waited about 30 mins, it just sits there and does nothing. Removed all connected devices, even removed the battery - won't let me in.

I used another laptop to boot the Linux and reset the password and scan the QR code for my phone app.

Smoke makes things work. When the smoke gets out, it stops! |
||||
Rado | Regular Member | Joined: 27/11/2020 | Location: Croatia | Posts: 59 |
Just a note, if you're thinking about moving to latest Mint, I do have issues with both my desktop and laptop with the latest implementation - both use nVidia cards, and I do use binary drivers, and indeed, Cinnamon crashes on both of them. Might be the applets as suggested on forums, but then again, you might want to wait a little before going to 20.2 Uma. 20.1 is rock solid, though. |
||||
Grogster | Admin Group | Joined: 31/12/2012 | Location: New Zealand | Posts: 9610 |
Having got access to the mail again and having set up the authenticator app, I could send mail, but NOT receive any. That had me scratching my head for a little while, until I thought to check the email rules in the account - the hackers had set up a gmail account and set a rule for all incoming email to be forwarded to that address. I - naturally - deleted the rule.

What a bunch of assholes. No wonder they keep their identity well hidden. If ever there was a GENUINE reason for a lynching mob, hackers that do this kind of thing and cause this much stress for people are it.

Lesson learnt though. I have already changed my business email password and enabled two-level authentication there also. I don't want to get bitten with this bollocks a second time.

Smoke makes things work. When the smoke gets out, it stops! |
||||
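The forwarding rule found in the last post is the kind of change that survives a password reset, so it is worth checking every rule after regaining an account. As an added example (not code from the thread), this Python script audits an exported rule list for enabled rules that forward or redirect mail to addresses outside the domains you trust; the field names follow Microsoft Graph's messageRule resource, and the sample rules, addresses and trusted domain are constructed.

```python
# Added example: audit mailbox rules for forwarding to outside addresses.
# Field names follow Microsoft Graph's messageRule resource; all data is constructed.

FORWARD_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")

# Constructed sample of an exported inbox-rule list.
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"moveToFolder": "folder-id-placeholder"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {},
     "actions": {"forwardTo": [{"emailAddress": {"address": "collector@mailbox.example"}}],
                 "delete": True}},
    {"displayName": "To work", "isEnabled": True,
     "conditions": {"subjectContains": ["invoice"]},
     "actions": {"redirectTo": [{"emailAddress": {"address": "me@owner.example"}}]}},
]

def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rules(rules, trusted_domains):
    """Return findings for enabled rules that send mail to untrusted domains."""
    trusted = {d.lower() for d in trusted_domains}
    findings = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue
        actions = rule.get("actions") or {}
        targets = [r["emailAddress"]["address"]
                   for key in FORWARD_ACTIONS
                   for r in actions.get(key) or []]
        external = [t for t in targets if domain_of(t) not in trusted]
        if not external:
            continue
        # A rule with no conditions matches every incoming message.
        catch_all = not any((rule.get("conditions") or {}).values())
        # Forwarding combined with delete or move hides the mail from the owner.
        hides = bool(actions.get("delete") or actions.get("moveToFolder"))
        findings.append({"rule": rule.get("displayName", ""), "targets": external,
                         "catch_all": catch_all, "hides_mail": hides})
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, trusted_domains=["owner.example"]):
        print(finding)
```

A finding with both `catch_all` and `hides_mail` set deserves attention first, since such a rule copies every message out and leaves nothing in the inbox.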
The Back Shed's forum code is written, and hosted, in Australia. | © JAQ Software 2025 |