On Sat, 16 Sep 2023 15:41:36 +0000, David wrote:
We have just discovered that a friend's Hotmail account has been
compromised.
Not sure how because they are normally very cautious.
The interesting timing is because they have just bought a new laptop and
I helped with the configuration, and 2FA wasn't working because the
account had a (correct) phone number associated with it but this failed
to ring and supply the 2FA prompt.
[I suspect that M$ was assuming a mobile phone and tried to send a text
to a land line.]
Anyway we decided to change the 2FA setting to a Gmail account.
Because of the 2FA failure a wait of 30 days was put on any further
account activity.
Recently (about a week ago) another email was received saying the
waiting period was over.
Today phishing emails are going out from that account.
Correlation and causation, of course, but it does make me wonder.
Is this ringing bells with anyone?
Update: I found a phishing email claiming to be from Microsoft dated the
day the compromise happened.
One of those "timing" things where an email from Microsoft was expected.
No admission from my friend, but circumstantial evidence looks pretty
solid.
Microsoft provide a security log for the account which showed a successful
login from Nigeria at the expected date, then further successful logins
from other devices around the world.
I reset the password using the newly activated 2FA with a Gmail address as
the second channel.
I then had a head scratcher because emails were going out but not being received.
Being out of practice it took me a while and some Internet searching (Bing
not Google) to remind myself about redirects.
I looked at the configuration page for the Hotmail account using Outlook
web and there was no redirect showing.
However when I set up another redirect it all sprang back to life.
I cleared the redirect and all still seems to be working.
In this case, no real harm done as the subsequent phishing of the contacts
for Amazon gift vouchers for someone apparently in Canada was not
convincing.
Also fortunately my friend doesn't shop or bank online.
Think Luddite.
So the email address could not be used to reset credentials on web sites
which could then be used to buy stuff.
All in all a salutary tale, and a reminder to be double wary if you are expecting an email.
Cheers
Dave R
--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)
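The post describes reading the account's security log and spotting a successful sign-in from an unexpected country, followed by further sign-ins from devices around the world. The script below is an added example, not code from the poster or from Microsoft, showing that same triage done programmatically over a constructed sample log: it builds a baseline of countries seen before a cutoff date, finds the first successful sign-in from outside that baseline, and counts how many distinct countries appear in the following 24 hours. The field layout, the sample entries and the 24-hour window are assumptions for illustration.

```python
"""Triage an account sign-in log for a takeover pattern.

Added example: a baseline of "usual" countries is built from successful
sign-ins before a cutoff date; the first later success from a country
outside that baseline is reported, together with how many distinct
countries sign in successfully within the next 24 hours. Several
countries in a day after a first unfamiliar one is the pattern the
original post saw in the Microsoft security log.
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log entries (timestamp, result, country, device).
# Not real data; the layout is an assumption for this example.
SAMPLE_LOG = [
    ("2023-08-30T09:12:00", "success", "GB", "laptop-old"),
    ("2023-09-01T18:40:00", "success", "GB", "laptop-new"),
    ("2023-09-02T07:03:00", "success", "NG", "unknown-browser"),
    ("2023-09-02T07:15:00", "success", "BR", "unknown-browser"),
    ("2023-09-02T08:41:00", "success", "VN", "android"),
    ("2023-09-03T11:00:00", "failure", "RU", "unknown-browser"),
]


def parse(entries):
    """Turn (iso_timestamp, result, country, device) tuples into datetimes."""
    return [(datetime.fromisoformat(ts), result, country, device)
            for ts, result, country, device in entries]


def baseline_countries(events, before):
    """Countries with at least one successful sign-in before the cutoff."""
    counts = Counter(c for t, r, c, _ in events if r == "success" and t < before)
    return set(counts)


def first_new_country_login(events, baseline):
    """First successful sign-in from a country not in the baseline, or None."""
    for t, r, c, d in events:
        if r == "success" and c not in baseline:
            return (t, c, d)
    return None


def countries_in_window(events, start, window_hours=24):
    """Distinct countries with successful sign-ins in [start, start + window]."""
    end = start + timedelta(hours=window_hours)
    return sorted({c for t, r, c, _ in events
                   if r == "success" and start <= t <= end})


def triage(entries, baseline_cutoff_iso):
    """Summarise whether the log shows the new-country-then-spread pattern."""
    events = parse(entries)
    cutoff = datetime.fromisoformat(baseline_cutoff_iso)
    baseline = baseline_countries(events, cutoff)
    first = first_new_country_login(events, baseline)
    if first is None:
        return {"compromise_suspected": False, "baseline": sorted(baseline)}
    t, c, d = first
    spread = countries_in_window(events, t)
    return {
        # Two or more distinct countries within a day of the first
        # unfamiliar sign-in is treated as a strong takeover signal here.
        "compromise_suspected": len(spread) >= 2,
        "baseline": sorted(baseline),
        "first_new_country": c,
        "first_new_device": d,
        "first_new_country_at": t.isoformat(),
        "countries_within_24h": spread,
    }


if __name__ == "__main__":
    # Baseline is everything before the day the compromise is suspected.
    for key, value in triage(SAMPLE_LOG, "2023-09-02T00:00:00").items():
        print(f"{key}: {value}")
```

The cutoff is the one piece of analyst input: pick the day before the suspicious phishing email arrived, as the poster did, so the baseline reflects only the owner's own devices. Failed sign-ins are deliberately excluded from both the baseline and the spread count, since password-guessing noise from abroad is common and is not itself evidence of compromise.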