Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search
32 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Question for computer experts (Original Post) wasupaloopa Nov 2017 OP
With a saw, sure. unblock Nov 2017 #1
Define hacked Egnever Nov 2017 #2
Micro Soft said someone logged into my wasupaloopa Nov 2017 #4
Microsoft will never ever call you Egnever Nov 2017 #6
They did not call I got emails wasupaloopa Nov 2017 #9
Hopefully Eko Nov 2017 #12
Microsoft sent me an activity log and asked if wasupaloopa Nov 2017 #18
That sounds pretty close to their typical procedure Egnever Nov 2017 #20
I had to reset mine once Eko Nov 2017 #21
Oh and ... Egnever Nov 2017 #23
Microsoft will never call you unless you have already paid them to call you DBoon Nov 2017 #28
If the malware got onto your computer when you opened a message, it wasn't turned off mythology Nov 2017 #8
This message was self-deleted by its author Egnever Nov 2017 #11
On reading your response a second time Egnever Nov 2017 #10
What could they do hacking into my Microsoft wasupaloopa Nov 2017 #14
Well that depends on what you do with your account Egnever Nov 2017 #16
My Microsoft account is for my email wasupaloopa Nov 2017 #17
Then if it is indeed hacked they have access to all your mail Egnever Nov 2017 #19
I run malwarebytes daily wasupaloopa Nov 2017 #22
Thanks wasupaloopa Nov 2017 #24
So it sounds like you may have been phished. Denzil_DC Nov 2017 #25
Quick check to see if you were phished rufus dog Nov 2017 #29
Just to be clear, did you get an email from your Microsoft account, or.. moriah Nov 2017 #13
I got emails wasupaloopa Nov 2017 #15
No. The_jackalope Nov 2017 #3
First Google Response Leith Nov 2017 #5
If it is connected to the internet Eko Nov 2017 #7
theoretically, yes lapfog_1 Nov 2017 #26
Why are you concerned? (n/t) PJMcK Nov 2017 #27
My microsoft account was hacked I had to change the password wasupaloopa Nov 2017 #31
Sounds like a Phish attempt as stated above. blogslut Nov 2017 #30
If Network attached, an Intel vPro chip and Intel Network card... easily. Others, more difficult. TheBlackAdder Nov 2017 #32
 

wasupaloopa

(4,516 posts)
4. Micro Soft said someone logged into my
Thu Nov 23, 2017, 10:41 PM
Nov 2017

account using Chrome from Washington DC an hour ago.

Microsoft had me change my password
I live in CA and never use chrome

I also had to change my Facebook password yesterday weird messages were sent from my Facebook account

This happened a day after I got one of those weird messages and opened it

I am on the road using my cell phone
My computers are at home turned off

 

Egnever

(21,506 posts)
6. Microsoft will never ever call you
Thu Nov 23, 2017, 10:44 PM
Nov 2017

That do not care one but if you are hacked.


You have been scammed it sounds like to me and likely are being hacked as we speak since you gave up passwords to someone on the telephone claiming to be Microsoft.

Microsoft will never call you they don't even have your number.

Eko

(7,272 posts)
12. Hopefully
Thu Nov 23, 2017, 10:50 PM
Nov 2017

you did not follow a link from that email to reset your passwords, if so got to microsoft.com and reset your passwords immediately.

 

wasupaloopa

(4,516 posts)
18. Microsoft sent me an activity log and asked if
Thu Nov 23, 2017, 10:59 PM
Nov 2017

it was me, I answered no

They asked for last four of my phone number
I entered that and got a text with s security code

I had to enter that to reset my passeord

 

Egnever

(21,506 posts)
20. That sounds pretty close to their typical procedure
Thu Nov 23, 2017, 11:05 PM
Nov 2017

That said I would still go to the Microsoft site directly and change it again to be safe.

It sounds like a legitimate response from Microsoft but clicking links in emails to reset passwords makes me very nervous.

DBoon

(22,350 posts)
28. Microsoft will never call you unless you have already paid them to call you
Fri Nov 24, 2017, 12:13 AM
Nov 2017

Whoever called you was lying.

Remember, no for profit corporation ever does anything without being paid first.

 

mythology

(9,527 posts)
8. If the malware got onto your computer when you opened a message, it wasn't turned off
Thu Nov 23, 2017, 10:44 PM
Nov 2017

Download, install and run Malwarebytes. I suspect it will find some issues.

Also Microsoft wouldn't call you to tell you somebody logged into your Chrome account. You should change your password again, especially if you gave the person your password.

Response to mythology (Reply #8)

 

Egnever

(21,506 posts)
10. On reading your response a second time
Thu Nov 23, 2017, 10:47 PM
Nov 2017

It sounds like your Microsoft account was hacked.

If that is what you meant by Microsoft saying someone logged in from another area.

Your online accounts can be hacked regardless of the state of your computer.

All of that info is stored on other computers not yours.

 

wasupaloopa

(4,516 posts)
14. What could they do hacking into my Microsoft
Thu Nov 23, 2017, 10:51 PM
Nov 2017

account my computers are off it is my phone I have been using

 

Egnever

(21,506 posts)
16. Well that depends on what you do with your account
Thu Nov 23, 2017, 10:52 PM
Nov 2017

And how much in you gave Microsoft in the first place when you created it.

 

Egnever

(21,506 posts)
19. Then if it is indeed hacked they have access to all your mail
Thu Nov 23, 2017, 11:00 PM
Nov 2017

I would highly encourage you to look at all off your online accounts and change passwords and enable two factor authentication where available.

They could also use access to your email account to reset passwords of other online accounts.

As someone else said you should have your computer looked at by a professional or at the very least run a Malwarebytes scan.

Two factor authentication can avoid this happening in the future.


Last bit of advise never change passwords from a link in an email go directly to the site yourself to change the password.

Denzil_DC

(7,227 posts)
25. So it sounds like you may have been phished.
Thu Nov 23, 2017, 11:19 PM
Nov 2017

As well as the good advice above, if you use your email account for anything financial - online banking, shopping, PayPal, anything where account details might be available to someone who can look through your emails - you need to safeguard yourself against that being exploited.

If you do use anything like that, you may want to contact your bank; once you have access to a secure email account again, change any passwords that might have been exposed, that sort of thing.

You may need to change your social media passwords, too (including DU!) if you used that email address for registration and didn't delete the emails.

 

rufus dog

(8,419 posts)
29. Quick check to see if you were phished
Fri Nov 24, 2017, 02:01 AM
Nov 2017

Look at the email you first received and google the from account, should be @microsoft.com.

After googling you will likely be able to figure out if the sent address is valid. If it is something like microsoft.ru or something else you are not used to seeing then back off.

moriah

(8,311 posts)
13. Just to be clear, did you get an email from your Microsoft account, or..
Thu Nov 23, 2017, 10:51 PM
Nov 2017

... a phone call?

Many times they will email you if a new device accesses your Microsoft account, but that doesn't mean they accessed your personal computer. If your FB was hacked and you were using the same password for your Microsoft account, it's not surprising it was the next targeted.

I agree with scanning your computer or getting someone you know who is a sympathetic egghead to do it for you is a good idea, but I think people are jumping the gun on assuming this was a phone-call scam.

Microsoft does send email notifications if unknown devices log into Microsoft accounts, including sometimes your own cell phone.

Leith

(7,808 posts)
5. First Google Response
Thu Nov 23, 2017, 10:41 PM
Nov 2017
http://ask-leo.com/can_my_computer_be_hacked_if_it_is_turned_off.html

In this excerpt from Answercast #12, I walk through an unlikely scenario that could allow a turned-off computer to be hacked and show you how to prevent this from happening.



Eko

(7,272 posts)
7. If it is connected to the internet
Thu Nov 23, 2017, 10:44 PM
Nov 2017

and wake up on lan is enabled in bios and os it very possible. Someone would have to have set the computer for this as there are multiple steps. Short answer is yes, long answer is not very probable unless someone has had physical access and set it up for that.

lapfog_1

(29,194 posts)
26. theoretically, yes
Thu Nov 23, 2017, 11:29 PM
Nov 2017

Since all computer hacks generally involve changing a collection of bits on a storage device or some other non-volatile storage, it would be possible to make the "hack" on the storage device either by making direct changes to the storage ( almost impossible ) or by attaching the storage device to another computing system (or some sort) and making the needed changes there. This would require physical access to the computer to be hacked.

In any event, this is a lot of trouble to accomplish so it is not very likely.

OTOH, changing the bits on the storage device using another computing device to make the modifications would be almost undetectable ( again, assuming physical access ).

blogslut

(37,991 posts)
30. Sounds like a Phish attempt as stated above.
Fri Nov 24, 2017, 03:24 AM
Nov 2017

I got a similar email about a month ago. Said it was from Google but it was sent to the email address I use as a backup for my actual Gmail account. It told me that an attempt had been made to log on to one of "my" Android devices. Thing is, the email message said someone tried to access my device from another state. Also the Google email address they said was mine was not mine - remarkably similar but not the same.

The phishing email gave me a handy, clickable, Google link to change my password, only the link didn't look like any Google link I'd ever seen. I did not click it. Instead I went to Google on my own and changed my password. I went and changed the password to my backup email account too.

Here's the thing about email addresses. If you've had one for any length of time and you've done something relatively innocuous like subscribe to a newsletter or open an online account for a shop or a service, if you've even emailed your congressperson, at some point your email is going to get sold (or shared) as part of a list because email lists are assets.

Oh sure, they all slap up a boilerplate privacy statement, promising they will never sell your email but they lie. If that cool tech shop or pet supply site sells their business or the owner declares bankruptcy, of course they're going to sell their email list because email lists are assets.

I'm not saying that you need to get a new email address. Hell I have one that's going on 20 years old. What I'm saying is definitely get more than one email address but not so many that you can't keep track.

Never click on links in an email. Instead, go directly to the websites you need to deal with. Turn off the preview pane in your email software or online account. Disable auto-display of HTML and Images in your email settings. And don't open an attachment unless you are positive it's from someone you know and even then, think twice before you do it.

TheBlackAdder

(28,179 posts)
32. If Network attached, an Intel vPro chip and Intel Network card... easily. Others, more difficult.
Fri Nov 24, 2017, 09:43 AM
Nov 2017

.

For over 10 years, the government has required the following devices to have access points for the NSA:

Routers, both home and business (ie. Cisco got caught with one last year)
Mainboards (ie. your motherboard)
Operating Systems (like MS products and government-funded versions of Linux)

Obama, expanded the blanket search order just before leaving office that allows up to one million computers to be "hacked" on one warrant. But, the computers aren't really being hacked. There are access points and gate calls that allow direct penetration into a computer within milliseconds. Obama's order expanded what could be done to those computers too. From not just accessing and extracting information, to also allowing the government to remove, delete and add code or files onto the computer(s).

Microsoft and AT&T are chief NSA collaborators. One of the reasons for the big push to Windows 10 is that it enhances data mining and adds Cortana which is difficult to fully disable. Folks with fully-licensed WIN7 computers were badgered to upgrade their operating systems to help meet this need. You had to install 3rd-party blockers to prevent the accidental upgrades to reminders from popping up. Go to EFF and do a quick find on AT&T to see how they harvest data for the NSA.

https://www.eff.org/nsa-spying

https://www.eff.org/deeplinks/2014/05/how-nsa-transforming-law-enforcement

https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive


The vPro chips further expand the access into a computer, by providing enhanced remote signon for desktop support services for company help-desks, or so claimed, yet only a handful of Non-vPro chips are offered. Most home computers are shipped with them installed. You have to actually find the CPU version on a PC/laptop for sale and go to Intel to see if it is a vPro chip, because often it is not readily known from just looking at the box or description.


Intel also has their Intel Management Engine, which a quick trip to tomshardware.com or zdnet.com will show many hits on this. Purism and Google are trying to disable this feature, because it is actually a second processor that runs a MINUX operating system on it that allows full control of a computer without leaving any traces. Purism was able to disassemble some of what this code does, so it is not speculation that Russia, China, other Nation States, organized crime or hackers could do the same.

https://puri.sm/learn/intel-me/

http://www.tomshardware.com/news/intel-me-security-vulnerabilities-patches,35971.html

http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/

With knowledge of iME, ANYONE can access a computer while leaving absolutely NO TRACE they were doing it.

.

Latest Discussions»General Discussion»Question for computer exp...